Hopscotch™
Security & Compliance

Our Approach to Security & Compliance

Hopscotch is committed to providing high standards in security and compliance. By following best practices, we've provided built-in components to fulfill a range of platform security and data privacy obligations.

Secure By Design

We ensure that security is treated as a priority throughout the development of all technology and platforms. This includes incorporating security from the app code to server infrastructure. We prioritise the following areas:

Server Protection & Recovery

Our security coverage extends from apps, all the way up to dedicated or virtual environments where built-in controls mitigate attacks, and trusted guidelines are in place to disable high-risk access. For recovery, we provide on-site and off-site (encrypted-at-rest) backups for recovery.

Access & Hardening

Our technology is designed not only for user access, but account and level access too. This allows a tiered approach to access hardening and mitigates the exploitation of user system rights, the ability to modify other accounts’ data, and unauthorised executions on data or functions.

Attack Defenses & Monitoring

Built-in controls track and defend known attack patterns such as injections and brute force attempts, and monitor each attack with defense notifications, as well as block mechanisms so that securtiy teams are alerted early and can respond proactively.

Permission-Based Validation

Our technology has built-in controls to validate all appropriate functions, methods, data, and features before being allowed to execute or access. This can be a block of code, a row in the database, a physical directory, a physical file, or features.

Guided Standards

In addition to taking our own security approaches, we also refer to the OWASP Top 10 and ISO27001 for guidance on implementing new mitigation recommendations.

 

Privacy By Design

At Everyday, we’re dedicated to upholding the highest standards of privacy and data protection. That’s why we’ve implemented comprehensive controls that make it easy to comply with GDPR, POPPIA, and other relevant regulations.

GDPR Gold Standard

We are committed to protecting user privacy and providing secure products that are compliant with the Global Data Protection Regulation (GDPR). Our apps and Software-as-a-Service products follow the industry standard in terms of user privacy and consent. To make it even easier for customers to plug and play, we have integrated Terms and Conditions, Privacy Policies, and End-User License Agreements (EULA) into our products.

Apps built with Everyday technology take an explicit consent approach to collecting personal, location, and contact data; a privacy-first, trusted experience by default.

Data Transparency

We value data transparency and strive to provide our users and customers with the tools and information they need in order to achieve such transparency. Our comprehensive data flow solutions ensure that users and customers can trust the apps and services they interact with, creating a secure, reliable experience.

Right to Withdraw

We’ve built-in an easy-to-use withdraw feature that allows app users to request access to their data, data erasuyre, or for their account to be deleted quickly and effortlessly.