Security Hub

Privacy Policy

Effective date: October 31st, 2022

Circular Edge / AtomIQ operates the website and potential future mobile applications (the “Service”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We have appointed a data protection officer (DPO) to oversee our data privacy matters. If you have any questions about this privacy notice or how we handle your personal data, please contact us at contact@circularedge.com.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data
While using our Service, we may ask you to provide us with certain “Personal Data”. By “personal data” we mean information about you which could identify you such as your name and contact details and booking history. Personal data does not include data where you can no longer be identified from it such as anonymised aggregate data.

Cookies and Usage Data

Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Tracking Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.

• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

• Security Cookies. We use Security Cookies for security purposes

Use of Data
uses the collected data for various purposes:
• To provide and maintain the Service

• To notify you about changes to our Service

• To allow you to participate in interactive features of our Service when you choose to do so

• To provide customer care and support

• To provide analysis or valuable information so that we can improve the Service

• To monitor the usage of the Service

• To detect, prevent and address technical issues

Transfer Of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside and choose to provide information to us, please note that we transfer the data, including Personal Data, to and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Circular Edge will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure Of Data

Legal Requirements
Circular Edge may disclose your Personal Data in the good faith belief that such action is necessary to:
• To comply with a legal obligation

• To protect and defend the rights or property of

• To prevent or investigate possible wrongdoing in connection with the Service

• To protect the personal safety of users of the Service or the public

• To protect against legal liability

Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Links To Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

How long will we retain your information?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you as it is no longer personal data.

Once we no longer require your personal data for the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We will securely destroy your personal data in accordance with applicable laws and regulations.

Your rights in relation to your information
You have rights as an individual which you can exercise in relation to the information we hold about you under certain circumstances. These rights are to:
• Request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;

• Request rectification of your personal data;

• Request the erasure of your personal data;

• Request the restriction of processing of your personal data;

• Object to the processing of your personal data;

• Request the transfer of your personal data to another party.

• Right to withdraw consent to the collection, processing and transfer of your personal data for a specific purpose at any time.

If you want to exercise one of these rights please contact us at contact@circularedg.com.

You also have the right to make a complaint at any time to a supervisory authority for data protection issues.

Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us
If you have any questions about this Privacy Policy, please contact us:
Circular Edge
contact@circularedge.com
399 Campus Dr, Suite 102

Somerset, NJ 08873

Security Policy

Organizational Security

  • Information Security Program
    • We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
    •  
  • Third-Party Audits
    • Our organization undergoes independent third-party assessments to test our security and compliance controls.
    •  
  • Third-Party Penetration Testing
    • We perform an independent third-party penetration at least annually to ensure that the security posture of our services is uncompromised.
    •  
  • Roles and Responsibilities
    • Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.
    •  
  • Security Awareness Training
    • Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
    •  
  • Confidentiality
    • All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
    •  
  • Background Checks
    • We perform background checks on all new team members in accordance with local laws.

Cloud Security

  • Cloud Infrastructure Security
    • All of our services are hosted with [Microsoft Azure]. They employ a robust security program with multiple certifications. For more information on our provider’s security processes, please visit [Azure Security].
    •  
  • Data Hosting Security
    • All of our data is hosted on [Microsoft Azure] databases. These databases are all located in the [United States]. Please reference the above vendor specific documentation linked above for more information.
    •  
  • Encryption at Rest
    • All databases are encrypted at rest.
    •  
  • Encryption in Transit
    • Our applications encrypt in transit with TLS/SSL only.
    •  
  • Vulnerability Scanning
    • We perform vulnerability scanning and actively monitor for threats.
    •  
  • Logging and Monitoring
    • We actively monitor and log various cloud services.
    •  
  • Business Continuity and Disaster Recovery
    • We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
    •  
  • Incident Response
    • We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.

Access Security

  • Permissions and Authentication
    • Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.
    • Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.
    •  
  • Least Privilege Access Control
    • We follow the principle of least privilege with respect to identity and access management.
    •  
  • Quarterly Access Reviews
    • We perform quarterly access reviews of all team members with access to sensitive systems.
    •  
  • Password Requirements
    • All team members are required to adhere to a minimum set of password requirements and complexity for access.
    •  
  • Password Managers
    • All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.

Vendor and Risk Management

  • Annual Risk Assessments
    • We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.
    •  
  • Vendor Risk Management
    • Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.

Contact Us

If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact security@circularedge.com.