This Security Policy outlines Crosscheck's commitment to protecting the confidentiality, integrity, and availability of your data. It covers both the Crosscheck web application and the Checks browser extension.

Core Security Measures (Apply to both Web App and Checks Extension):

Data Encryption: Crosscheck utilizes industry-standard encryption methods (like AES-256) to protect your data at rest and in transit, both within the web application and the Checks extension.

Access Controls: Granular access controls restrict access to your data based on user roles and permissions. Only authorized personnel have access to your information, regardless of accessing through the web app or Checks extension.

Data Backup and Recovery: Regular backups ensure data availability in case of unforeseen events. A robust disaster recovery plan allows for quick data restoration in the event of an outage. Both the web application and Checks extension leverage these backups.

Vulnerability Management: We continuously monitor our platform (including the Checks extension) for vulnerabilities and take prompt action to address any potential security risks. We encourage you to keep the Checks extension updated to benefit from the latest security patches.

User Authentication and Authorization:

Web Application: Strong password policies and multi-factor authentication (MFA) secure user logins. Choose strong and unique passwords for your Crosscheck account.

Checks Extension: The Checks extension leverages your existing Crosscheck web application login credentials. Ensure you maintain strong passwords and MFA within the web application for comprehensive protection.

User Activity Monitoring: We monitor user activity within both the web application and Checks extension to detect any suspicious or unauthorized access attempts.

Additional Security Considerations for Checks Extension:

Browser Extension Permissions: The Checks extension will request specific permissions from your web browser to function properly. These permissions will be clearly outlined during installation and should only grant access necessary for capturing screenshots, recordings, and interacting with web pages as intended.

Data Transmission: When using Checks extension to capture screenshots, recordings, or other data from web pages, the extension will transmit that data securely to the Crosscheck web application for storage. The secure communication channels established by the web application (as outlined above) will be used for this data transfer.

Extension Updates: Similar to the web application, Crosscheck automatically delivers security patches and feature updates to the Checks extension. Ensure you keep the extension updated for optimal security.

Security Awareness and Training:

Employee Training: Our employees are regularly trained in security best practices to ensure the proper handling of your data.

Compliance:

Compliance Standards: Crosscheck strives to comply with relevant industry standards and regulations related to data security.

Incident Reporting: If a security incident occurs, we will promptly investigate and take necessary actions to mitigate the risks and restore normal operations. We will also notify you in a timely manner if your data is affected by a security incident.

Your Responsibilities:

Secure Login Credentials: Keep your Crosscheck login credentials (username and password) secure and confidential for both web application and browser extension access.

Suspicious Activity: Report any suspicious activity or unauthorized access attempts within the web application or Checks extension immediately.

Browser Extension Permissions: Review the requested permissions during Checks extension installation and only grant those necessary for its intended functionality.

Data Security Practices: Maintain good security practices within your organization, such as using strong passwords, being cautious about opening suspicious emails or attachments, and being mindful of what information you capture with the Checks extension.

Changes to this Security Policy:

We reserve the right to modify this Security Policy at any time. We will notify you of any material changes to the policy.

This policy provides a high-level overview of our security practices. For more detailed information, please refer to Crosscheck's documentation or contact our support team.