Data Security Policy

Last updated November 28, 2025

At Godric, we take the security of your data seriously. This policy describes the key measures we use to protect information you store and process in our service.

This Data Security Policy is separate from our Privacy Policy, which explains how we collect and use personal data.

1. Infrastructure & Data Location

  • Our service is operated by Multimodal Ventures Limited, based in Hong Kong.
  • We host our infrastructure with leading cloud providers:
    • Amazon Web Services (AWS) - USA
    • Microsoft Azure - USA
  • These providers maintain numerous compliance certifications including SOC 2 and offer strong physical, network, and environmental security controls for their datacenters.
  • All infrastructure is virtualized and secured in top-tier data centers; we do not maintain physical servers.

2. Encryption

  • In transit: All data transmitted between your browser or application and our service is protected using HTTPS with TLS for secure connections.
  • At rest: Data stored in our production databases and file storage is encrypted at rest using industry-standard AES-256 encryption.
  • Sensitive secrets: Credentials, access tokens, and similar secrets are stored using strong encryption and/or one-way hashing.

3. Access Control & Authentication

  • Access to production systems is restricted to a limited number of authorized personnel with a legitimate business need.
  • Access rights are granted following the principle of least privilege and are reviewed periodically.
  • Employee onboarding and offboarding processes ensure timely granting and revocation of access.
  • Only authorized personnel have access to customer data, and strictly for the purpose of supporting the service.

4. Application & Network Security

  • Systems and dependencies are regularly patched and updated to address known vulnerabilities.
  • Our code undergoes regular vulnerability scanning to identify and resolve security risks.
  • We follow secure development practices, including adherence to OWASP Top 10 security standards and separate environments for development, testing, and production.
  • Automated tools are used to monitor for suspicious activity and potential security issues.

5. Data Backup & Business Continuity

  • Encrypted backups of key data are performed on a regular basis and stored securely.
  • Backups are tested periodically to verify recoverability.

6. Security Monitoring & Incident Response

  • Systems are monitored for unusual or unauthorized activity, performance anomalies, and potential threats.
  • In the event of a data breach that affects your data, we will notify impacted customers and relevant regulatory authorities within 72 hours of becoming aware of the breach, in accordance with GDPR, PDPO, and other applicable legal requirements.

7. Third-Party Service Providers

  • We use carefully selected third-party providers (such as hosting, email delivery, and payment processing) to support our service.
  • These providers act as our sub-processors and are required to implement appropriate technical and organizational security measures and to use data only for the services we request.
  • You may contact us for more details about our current sub-processors.

8. International Transfers & Compliance

  • Because our primary hosting locations are in the USA, your data may be processed and stored outside your country of residence.
  • We take steps to ensure that any international transfers are made in accordance with applicable data protection laws and that appropriate safeguards are in place.
  • We are committed to compliance with the General Data Protection Regulation (GDPR), the Hong Kong Personal Data (Privacy) Ordinance (PDPO), and other applicable privacy laws.

9. Your Rights & Responsibilities

Your Data Rights

Depending on your location and applicable law, you may have certain rights regarding your personal data, such as:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data, subject to legal obligations.
  • Restriction: Ask us to limit how we use your data in certain circumstances.
  • Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Objection: Object to certain types of processing (such as direct marketing).
  • Consent withdrawal: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@godric.ai.

We may need to verify your identity before responding to your request.

Your Security Responsibilities

While we work to protect your data, security is a shared responsibility. You are responsible for:

  • Protecting your account credentials and choosing strong passwords
  • Limiting access to your user accounts
  • Configuring any available security settings within the product
  • Promptly notifying us if you suspect unauthorized access to your account

10. Contact

If you have questions about this Data Security Policy, please contact us at:

Godric Security Team

Email: privacy@godric.ai

Registered address: UNIT 1712, 17TH FLOOR CITICORP CENTRE 18 WHITFIELD ROAD CAUSEWAY BAY, HONG KONG, Hong Kong SAR

For more detailed information on how we handle personal data, please view our Privacy Policy and Terms of Service.