Data Security Policy
- Introduction
At InnovAID Solutions (“Company,” “we,” “us,” or “our”), we prioritize the security and confidentiality of user data. This Data Security Policy outlines our measures to protect data from breaches, unauthorized access, and cyber threats when using our services, including ProPilot and PersonAID (the “Services”). We adhere to industry best practices and comply with global security standards to safeguard your information.
By using our Services, you agree to the security measures described in this policy.
- Data Protection Measures
We implement robust security protocols to ensure user data remains protected:
- Encryption: We use AES-256 encryption for data at rest and TLS 1.2+ for data in transit to prevent unauthorized access.
- Access Controls: Multi-factor authentication (MFA) and role-based access controls (RBAC) restrict data access to authorized personnel only.
- Firewalls and Intrusion Detection: Advanced firewall configurations and intrusion detection systems (IDS) monitor and block potential threats.
- Data Anonymization: Sensitive user data may be anonymized or pseudonymized to enhance privacy protection.
- Secure Hosting: Our infrastructure is hosted on servers in ISO 27001-, SOC 2-, and GDPR-compliant data centers.
- Regular Security Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and mitigate risks.
- Secure Payment Methods
We use PCI-DSS-compliant payment gateways to process transactions securely. All financial transactions are encrypted, and no payment details are stored on our servers. Third-party payment processors ensure compliance with global financial security standards.
- Compliance with Security Standards
InnovAID Solutions complies with the following international security and data protection frameworks:
- General Data Protection Regulation (GDPR) – Ensuring user rights and data privacy for EU-based customers.
- California Consumer Privacy Act (CCPA) – Providing data protection rights for California residents.
- ISO 27001 – Adhering to best practices in information security management.
- SOC 2 Type II – Maintaining strict control over data handling and processing.
- HIPAA (where applicable) – Protecting healthcare-related data in compliance with legal regulations.
- Data Breach Prevention and Response
To mitigate risks associated with data breaches, we have established:
- 24/7 Monitoring: Real-time threat detection and monitoring of potential security incidents.
- Incident Response Plan: A dedicated security response team ensures prompt investigation and remediation of breaches.
- User Notification: In the event of a confirmed data breach, affected users will be notified within legally required timeframes.
- Third-Party Security Assessments: We evaluate vendors and partners to ensure compliance with our data protection standards.
- User Responsibilities
While we implement strong security measures, users play a role in protecting their accounts:
- Use strong, unique passwords and enable multi-factor authentication (MFA).
- Avoid sharing login credentials or sensitive data with unauthorized parties.
- Report suspicious activity immediately to policies@innovaidsolutions.com.
- Retention and Deletion of Data
We retain user data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy. Upon request or account termination, we follow secure deletion practices to remove user data from our systems in compliance with applicable laws.
- Changes to This Policy
We reserve the right to update this Data Security Policy as security threats evolve. Any changes will be posted on this page with an updated “Effective Date.” Continued use of our Services constitutes acceptance of the revised policy.
- Contact Us
If you have questions regarding this Data Security Policy or suspect a security issue, contact us at:
- Email: policies@innovaidsolutions.com
- Address: Al-Shmeisani, Queen Nour St., Housing Bank Complex, Ground Floor.
- Phone: +962 78 700-1133