Code Monkey Studios is the Data Handler for GPSBob Ltd, and is owned and operated by the same team.

At Code Monkey Studios, safeguarding the integrity, confidentiality, and security of our data is paramount. To ensure our operations, customer information, and intellectual property are protected from unauthorized access, we have implemented comprehensive data protection measures, including the use of firewalls and encryption. This policy outlines our commitment to maintaining robust data security and the procedures we follow to protect our digital assets.

1. Firewall Protection
Firewalls serve as a critical component of our network security, acting as a barrier between our internal systems and potential external threats. Code Monkey Studios uses both network and host-based firewalls to monitor and control incoming and outgoing traffic.

Firewall Guidelines:
Network Firewalls: These are configured to protect the entire studio network by filtering traffic at the perimeter. They are set up with rules that only allow trusted, authorized access.

Host-based Firewalls: Deployed on individual systems, these ensure that each device within our network is protected against unauthorized access and malicious traffic.
Next-Generation Firewalls (NGFW): These advanced firewalls are equipped with deep packet inspection capabilities, which enable us to detect and block more sophisticated threats, such as malware and exploits.

Code Monkey Studios regularly updates and monitors our firewall configurations to ensure that they align with current security standards and address evolving threats.

2. Encryption Protocols
Encryption is a core element of our data protection strategy, ensuring that all sensitive information remains confidential and secure, both during storage and transmission. Code Monkey Studios employs industry-standard encryption techniques to protect data at rest and in transit.

Encryption Standards:
Data at Rest: All stored sensitive information, including customer data and proprietary content, is encrypted using strong encryption algorithms. This ensures that unauthorized parties cannot access or manipulate this data.

Data in Transit: Any data transmitted over public or private networks is encrypted to prevent interception or tampering. This includes emails, communications, and data shared via external systems or platforms.

End-to-End Encryption (E2EE): For critical communications, Code Monkey Studios implements end-to-end encryption, ensuring that data is encrypted on the sender's side and only decrypted by the intended recipient.
We use both symmetric and asymmetric encryption, depending on the specific requirements of the data and the level of security needed.

3. Access Control and Secure Remote Access
To maintain the highest level of data protection, Code Monkey Studios enforces strict access control policies and secure remote access protocols.

Access Control Policies: Role-Based Access: Access to sensitive data is limited based on job roles. Only authorized personnel have access to specific systems and data, reducing the risk of internal breaches.

Multi-Factor Authentication (MFA): MFA is required for accessing critical systems, ensuring that even if credentials are compromised, an additional layer of verification is in place.
VPN Usage: Employees accessing the studio’s systems remotely are required to use a Virtual Private Network (VPN), which encrypts all transmitted data and adds a layer of security when accessing company resources from outside the office.

4. Regular Monitoring and Updates

Our data protection mechanisms, including firewalls and encryption protocols, are regularly monitored, tested, and updated to stay ahead of emerging threats. This proactive approach helps us identify and address any vulnerabilities before they can be exploited.

Monitoring and Auditing:
Firewall Logs: We continually monitor firewall logs to detect suspicious activity or attempts to breach the network.
Encryption Audits: Regular audits ensure that our encryption standards remain up-to-date and aligned with the latest security protocols.
Software Updates: All security-related software, including firewall systems and encryption tools, is updated as soon as patches or new versions become available to protect against vulnerabilities.

5. Data Breach Response Plan
In the unlikely event of a data breach, Code Monkey Studios has a detailed incident response plan in place. This includes:

Immediate Isolation of Affected Systems: If a breach is detected, the affected systems will be isolated to prevent further damage.

Internal and External Notifications: Our team will notify stakeholders, including affected individuals and relevant regulatory bodies, within the appropriate timeframe.

Forensic Investigation: We will conduct a thorough investigation to determine the cause of the breach and implement measures to prevent future incidents.

6. Employee Training and Awareness
At Code Monkey Studios, we understand that employees play a critical role in data protection. To that end, we provide ongoing training and resources to ensure that all staff members understand their responsibilities regarding data security.

Training Includes:
Security Best Practices: Employees are trained on recognizing phishing attacks, using strong passwords, and following safe browsing habits.
Handling Sensitive Data: Clear guidelines are provided on how to handle and store sensitive data, including the use of encryption and secure file-sharing methods.
Incident Reporting: Employees are encouraged to report any suspicious activity or potential security breaches immediately to the IT department.

7. Compliance with Regulations
Code Monkey Studios adheres to all relevant data protection regulations, including GDPR, HIPAA, and any other applicable laws. Our encryption standards, firewall configurations, and data management practices are designed to meet or exceed these regulatory requirements.

8. Policy Updates
This Data Protection Policy is subject to periodic review and may be updated to reflect new security threats, changes in technology, or updates in regulations. Code Monkey Studios will notify employees and stakeholders of any significant changes.

Conclusion
Code Monkey Studios is committed to ensuring the confidentiality, integrity, and availability of its data. By implementing firewalls, encryption, and other security measures, we are taking proactive steps to protect our digital assets and maintain the trust of our customers, partners, and employees.

This policy applies to all staff, contractors, and third-party vendors working with Code Monkey Studios' data. Any violation of this policy may result in disciplinary action or termination of contract.