
My Waves Technologies Limited

Security Policy

1. Introduction

My Waves Technologies Limited (“the Company”) is committed to safeguarding the confidentiality, integrity, and availability of all data collected, processed, and stored through its personalized sleep solution platform. This Security Policy describes the technical, administrative, and organizational measures employed to protect user data, ensure privacy, and comply with applicable regulations.

2. Scope

This Policy applies to all Company systems, devices, networks, applications, and personnel involved in the collection, transmission, processing, and storage of user data, including brainwave recordings, account information, and any related metadata.

3. Definitions

    • PII: Personally Identifiable Information.

    • EDF: European Data Format, a standard for recording bioelectrical signals.

    • RBAC: Role-Based Access Control.

    • MFA: Multi-Factor Authentication.

    • RTO/RPO: Recovery Time Objective/Recovery Point Objective.

4. Data Classification

    • Brainwave Recordings: Recorded in EDF, containing no PII.

    • Account Data: User profile details, authentication credentials, and consent records.

    • Derived Outputs: Personalized soundscapes generated from EDF recordings.

5. Data Collection and Ownership

    • myWaves Pebble Device: Captures delta brainwave signals via wet contact electrode pads on the user’s forehead.

    • EDF Files: Conform to the international EDF standard, fully owned by the user, and free of PII.

    • User Consent: Obtained explicitly prior to any data capture or processing.

6. Data Storage and Encryption

    • Cloud Infrastructure: All data resides exclusively in AWS data centers within the United States.

    • Encryption at Rest: AES-256 encryption applied to all stored data, including EDF files and account information.

    • Encryption in Transit: TLS 1.2 (or higher) secures all communication channels between devices, users, and servers.

    • Key Management: Encryption keys are managed through AWS Key Management Service (KMS) with strict access controls.

7. Access Control and Authentication

    • RBAC: Access granted based on job function and the principle of least privilege.

    • MFA: Enforced for all administrative and user accounts.

    • Session Management: Secure session tokens with automatic expiration and revalidation.

8. Data Segregation and Anonymity

    • PII Separation: EDF files never contain PII and are stored separately from user profile data.

    • User Ownership: Users retain full ownership and control over their EDF recordings.

    • Data Transfer: Secure digital channels ensure EDF file transfers remain anonymized and unlinked to PII.

9. Data Usage and Retention

    • Purpose Limitation: Brainwave data is used solely for the proprietary neuro-acoustic transduction process.

    • No Secondary Use: EDF files or derived outputs are not shared, sold, or distributed to third parties.

    • Retention: Data is retained as necessary to provide core services and satisfy legal obligations. Specific durations are determined by business and regulatory requirements.

10. Privacy and Regulatory Compliance

    • GDPR Compliance: Data minimization, user rights, Data Protection Officer oversight.

    • Other Regulations: Compliance with CCPA, HIPAA (where applicable), and other regional privacy laws.

11. Security Monitoring and Incident Response

    • Continuous Monitoring: 24/7 logging, intrusion detection, and anomaly tracking.

    • Incident Response Plan: Procedures for identification, containment, eradication, and recovery.

    • Breach Notification: Timely notification of affected users and authorities per regulatory requirements.

12. Physical and Environmental Security

    • AWS Data Centers: ISO 27001, SOC 1/2/3, and PCI DSS compliant.

    • Controlled Access: Biometric authentication, surveillance, and security personnel.

    • Redundancy and Resilience: Backup power systems and infrastructure ensure high availability.

13. Employee Security and Training

    • Training: Mandatory security and privacy awareness training for all personnel.

    • Confidentiality Agreements: Signed by employees, contractors, and vendors.

    • Access Reviews: Quarterly audits of user accounts and privileges.

14. Vendor and Third-Party Management

    • Due Diligence: Security assessments and contractual requirements for all vendors.

    • No Third-Party Sharing: User data is not shared with external parties without explicit consent.

15. Business Continuity and Disaster Recovery

    • Backup Strategy: Regular encrypted backups stored within our primary AWS region.

    • Recovery Objectives: Defined RTO and RPO to minimize downtime and data loss.

    • Testing: Annual disaster recovery drills to validate readiness.

16. Policy Enforcement and Exceptions

    • Enforcement: Non-compliance may result in disciplinary actions, up to termination.

    • Exceptions: Any deviation from this Policy requires written approval from the Chief Executive Officer and must be documented.

17. Policy Review and Updates

    • Review Cycle: Reviewed at least annually or upon significant changes.

    • Change Management: Formal process for proposing, approving, and implementing updates.


This Security Policy provides a comprehensive, professional framework to ensure My Waves Technologies Limited maintains best-in-class data protection, privacy, and compliance.