Privacy Policy

This Privacy Policy outlines the rights and responsibilities regarding the registration, storage, and use of personal data for individuals/legal entities (hereinafter referred to as "Users") accessing and using the Service Provider's "TUSS.io" digital platform (referred to as the "Platform").

ONE. PRIVACY POLICY NOTICE

1.1 The Privacy Policy encompasses the following details:
     1.1.1. User Data: This includes data entered into the Platform by the User.
     1.1.2. Any additional information suggested or reported by the User through the Platform.
     1.1.3. Intellectual Digital Solutions: This encompasses rules, procedures, methods, algorithms, models, forms, and other components contained in the Platform.
     1.1.4. Platform Source Code
1.2. Non-confidential Information:
     1.2.1. This comprises information and documents intentionally made public by the parties upon request.
     1.2.2. Any information and documents that the parties have agreed to disclose to others in writing.
1.3. The User's personal information is considered strictly confidential.
1.4. Both parties shall be obligated to employ all necessary measures to protect and prevent the disclosure of confidential information through suitable means and methods.
1.5. The structure of the Privacy Policy is as follows:
       1.5.1. Type and form of the user's personal data registration.
       1.5.2. Conditions for the storage of registered user data.
       1.5.3. Terms governing the utilization of user data.
       1.5.4. User rights associated with the registration of personal data.
       1.5.5. Terms governing the sharing of user's personal data.
       1.5.6. Terms and conditions for the retention of the user's personal data.
       1.5.7. Guidelines for managing user personal data.
       1.5.8. Terms concerning changes to the Privacy Policy by the Service Provider.
       1.5.9. Measures and obligations of the Service Provider to protect personal data.
       1.5.10. Information on how Users can contact the Service Provider.
       1.5.11. An explanation of cookies and their use.
       1.5.12. The specific types of cookies employed by the Service Provider.
1.6. User Data, with the exception of non-confidential information as defined in Section 1.2 of the Privacy Policy, is considered confidential User Data.

TWO: PRIVACY POLICY TERMS

2.1. Types of Users' Personal Data and Data Registration:
       2.1.1. Account Creation: Upon registering for the Platform, an email address and a password will be generated. The password entered by the User will be encrypted and stored by the system to ensure that only the User has access to it.
       2.1.2. Registration Information: When a User creates their profile section by logging into the Platform, the Service Provider will collect personal data related to the User's account as outlined below:
                2.1.2.1. For Individuals:
                            2.1.2.1.1. Surname and first name of the individual:
                            2.1.2.1.2. Personal registration number:
                            2.1.2.1.3. Personal address:
                            2.1.2.1.4. Telephone:
                            2.1.2.1.5. E-mail address:
                            2.1.2.1.6. Country of Jurisdiction:
                            2.1.2.1.7. Mother tongue:
                            2.1.2.1.8. Date of birth (Year/Month/Day):
                            2.1.2.1.9. Job status:
                2.1.2.2. For Organizations:
                            2.1.2.2.1. Organization name:
                            2.1.2.2.2. Register of organizations:
                            2.1.2.2.3. Organization's address:
                            2.1.2.2.4. Corporate phone:
                            2.1.2.2.5. Corporate email:
                            2.1.2.2.6. Areas of activity of the organization:
                            2.1.2.2.7. Number of employees in the organization:
                            2.1.2.2.8. Organizational structure, place/unit:
                            2.1.2.2.9. Board/CEO information:
                            2.1.2.2.10. Surname and first name of the executive director:
                            2.1.2.2.11. Executive Director's phone:
                            2.1.2.2.12. Executive Director's email address:
       2.1.3. User Data: Additional data generated during the use of the Platform (including organization goals, goal metrics, job descriptions, links, etc.) will also be automatically recorded and stored.
2.2. Save Registered User Data
       2.2.1. The Service Provider stores the data entered by the User on its internal server and conducts regular security assessments of the server.
       2.2.2. The User is responsible for safeguarding their login name and password, and the Service Provider shall not be held liable for any damages resulting from unauthorized access.
2.3. Terms of Use of User Data
       2.3.1. The Service Provider will utilize the User's data for the following purposes with their consent:
                 2.3.1.1. Compiling necessary data during the platform registration process;
                 2.3.1.2. Confirming application registrations;
                 2.3.1.3. Providing the User with instructions and information related to the Platform and Service provision;
                 2.3.1.4. Cooperation with government agencies to fulfill legal obligations;
                 2.3.1.5. Performing internal audits, data analysis, and research upon the User's request;
                 2.3.1.6. Enhancing our products and services.
2.4. User's Rights Regarding Personal Data Registration. The User has the right to:
       2.4.1. Access their personal data;
       2.4.2. Rectify incomplete or inaccurately entered personal data;
       2.4.3. Limit or opt out of the use of their personal data;
       2.4.4. Manage and correct their personal data;
       2.4.5. Voluntarily transfer personal data to third parties;
       2.4.6. Request the deletion of personal data from the server.
2.5. Distribution of User Personal Data:
       2.5.1. The Service Provider will not disclose the User's personal data to third parties, except in the following cases:
                 2.5.1.1. Sharing data with Third Parties authorized by the User;
                 2.5.1.2. Sharing the User's data as required by competent authorities in accordance with legal grounds and relevant procedures;
2.6. Terms of User Personal Data Storage:
        2.6.1. The Service Provider will retain the User's personal data for as long as the User continues to receive the service and use the application.
        2.6.2. Upon termination of the main contract, the Service Provider will store the User's personal information for the following purposes:
                   2.6.2.1. Maintaining records of business activities for analytical and audit purposes;
                   2.6.2.2. Complying with legal record-keeping requirements;
                   2.6.2.3. Filing and defending legal claims and resolving complaints.
        2.6.3. The Service Provider will delete the User's personal data, except as specified in Section 2.4 of the Privacy Policy. In situations where information cannot be completely deleted from the system for technical reasons, measures will be implemented to prevent its further use.
2.7. User Management of Personal Data:
        2.7.1. To exercise the rights related to personal information as specified in Section 3.3 of the Privacy Policy, the User should submit their request to info@tuss.io;
        2.7.2. The Service Provider will acknowledge and respond to suggestions or requests within three business days, with resolution times of up to 30 days depending on the nature of the request.
2.8. Changes to the Service Provider's Privacy Policy: Any updates or amendments to this Privacy Policy will take effect upon mutual agreement and signing by the authorized parties.
2.9. Protection of Service Provider's Personal Data: The Platform is not intended for children under the age of 16, and any use by a child under the age of 16 will result in the immediate termination of their right to use the Service.
2.10. Contact: The User can report suggestions, requests, and complaints related to their personal data to sales@tussolution.mn.
2.11. Definition of Cookies:
        2.11.1. Cookies are small data files sent by the operating system associated with the Internet browser or web server and stored on the User's computer's hard drive. These cookies track the User's activity within the Platform and collect information.
        2.11.2. The Service Provider may use cookies and similar technologies to distinguish the User from other Users and to analyze the data collected regarding the Platform's usage. This analysis may include information on the number of visitors to the Platform and the frequency of their visits.
2.12. Service Provider's Use of Cookies
        2.12.1. The Service Provider uses various types of "Google cookies" in its services, including:
                   2.12.1.1. Security cookies;
                   2.12.1.2. Address registration cookies;
                   2.12.1.3. Advertising cookies.
        2.12.2. The Service Provider offers the following options for managing cookies, allowing Users to:
                   2.12.2.1. View and delete cookies;
                   2.12.2.2. Block third-party cookies;
                   2.12.2.3. Block all cookies;
                   2.12.2.4. Delete all cookies upon closing their browser.
        2.12.3. For more information about cookies, please refer to the Cookies Policy available at www.policies.google.com.

Data Encryption: Specify that all personal data is encrypted both in transit and at rest, using secure protocols (such as HTTPS/TLS for transit and AES encryption for storage).

Access Control: Explain that only authorized personnel can access user data, with multi-factor authentication and role-based access controls in place.

Data Minimization: Commit to collecting only the necessary personal data and securely disposing of any data no longer required.

Regular Audits and Penetration Testing: Mention that the platform undergoes regular security audits and penetration tests to identify and fix vulnerabilities.

Incident Response Plan: Describe the steps the platform takes in case of a data breach, including user notification timelines and support.

User Authentication: Ensure strong user authentication practices, such as requiring complex passwords and offering multi-factor authentication.

Security Training: Note that employees undergo security training to understand and prevent unauthorized data access.

Data Backup and Recovery: Outline backup policies and data recovery plans to ensure that user data is protected against accidental loss or damage.

Third-Party Data Processors: List any third parties that process data on behalf of the service provider and the security standards they must meet.

End-of-Service Data Deletion: Confirm that, upon account termination, all user data will be deleted, except as required by law, with clear instructions on how users can request data deletion.

Including these details can strengthen users’ confidence in your platform's commitment to data protection and help meet compliance requirements. Let me know if you’d like further clarification on any specific item.

Developer's terms
1. Code of Conduct
          a. Developers should act professionally, prioritizing collaboration, open communication, and respect.
          b. All code contributions must align with the company’s core values of integrity, reliability, and user-centered design.
2. Definitions
          a. Developer: An individual or team responsible for the design, development, testing, and maintenance of the software. This includes frontend and backend engineers, quality assurance testers, and DevOps engineers.
          b. Task Management System (TMS): Software designed to facilitate task planning, assignment, tracking, and completion. It includes features for managing tasks, timelines, workflows, and collaboration across teams.
          c. User Data: Any information collected and stored by the SaaS platform from or about users. This includes personally identifiable information (PII), task-related data, and any other content users upload or generate within the system.
          d. API (Application Programming Interface): A set of functions and protocols that allow software applications to communicate with each other. In this context, the API is used for integrating with other services or for external developers to build on top of the SaaS platform.
          e. Compliance: Adherence to regulations, laws, and standards applicable to data protection and privacy. This may include frameworks like GDPR (General Data Protection Regulation), PDPA (Personal Data Protection Act), and others relevant to the system.
          f. Data Encryption: The process of converting data into a coded format to prevent unauthorized access. Encryption is applied to sensitive data both in transit and at rest.
          g. Authentication: The process of verifying the identity of a user or system. Common authentication methods include username/password, multi-factor authentication (MFA), and Single Sign-On (SSO).
3. Code standards
          a. Consistency: Follow the coding style guide and ensure consistent use of naming conventions, indentation, and documentation.
          b. Readability: Write clean, readable, and maintainable code. Comments should explain the "why" behind complex code, not just the "how."
          c. Documentation: Each module, API endpoint, and critical function should have documentation explaining its purpose, expected inputs/outputs, and potential errors.
          d. Testing: Adhere to a test-driven development (TDD) approach where feasible. Unit tests should cover critical business logic, and integration tests should cover main API flows.
4. Security Standards
          a. Data Security: Follow best practices for data encryption both at rest and in transit. No sensitive data should be hard-coded into the application.
          b. Authentication & Authorization: Use secure and updated methods for handling user authentication (e.g., OAuth 2.0, JWT). Implement role-based access control (RBAC) to manage permissions.
          c. Vulnerability Management: Regularly scan for vulnerabilities and perform security assessments. Follow a responsible disclosure policy for any vulnerabilities found.
          d. Injection Prevention: Prevent SQL injection, XSS, and other injection attacks by validating and sanitizing all inputs.
          e. Compliance: Ensure that development adheres to relevant data privacy standards, such as GDPR, CCPA, or PDPA, based on the company's target markets.
5. API Development and Documentation
          a. Design: Follow RESTful principles for API design. Ensure consistency in URL patterns, HTTP methods, and error handling.
          b. Versioning: Implement versioning (e.g., /api/v1/) to avoid breaking changes in the production environment.
          c. Rate Limiting: Apply rate limits to prevent abuse and ensure fair usage for all users.
          d. Documentation: Maintain up-to-date API documentation for developers and partners to facilitate smooth integration. Use tools like Swagger or Postman for easy access.
6. Performance Optimization
          a. Efficient Code: Aim for optimal algorithms and data structures. Avoid excessive nesting, loops, and redundant processing.
          b. Scalability: Design features to support future scalability. Where possible, use asynchronous processing and caching to reduce load.
          c. Monitoring: Monitor system performance and error logs to proactively address bottlenecks and optimize performance.
7. Deployment and DevOps
          a. Version Control: Use Git for version control. Follow branching strategies (e.g., Gitflow) to ensure clean and manageable code merging.
          b. CI/CD: All code changes should go through a CI/CD pipeline that includes automated tests, code linting, and deployment staging.
          c. Rollback Strategy: Implement a clear rollback strategy for deployments to minimize downtime in case of unexpected issues.
          d. Environment Management: Use separate environments for development, testing, staging, and production. Sensitive credentials should be stored securely and not hard-coded.
8. Privacy and Compliance
          a. Data Collection: Collect only the data necessary for system functionality. Avoid collecting personal information unless explicitly required by the feature.
          b. Data Retention: Implement clear data retention policies. Securely delete data when no longer needed or when a user requests data deletion.
          c. User Consent: Ensure that users are informed and have consented to any data processing practices, in line with GDPR, PDPA, or applicable regulations.
          d. Audit Logs: Maintain audit logs for critical actions (e.g., login, data modification) for security and troubleshooting purposes.
9. Feature Development and Release Management
          a. Feature Toggle: Use feature toggles to enable or disable new features without deploying new code.
          b. Backward Compatibility: Prioritize backward compatibility in all feature updates, especially for APIs and core functions, to minimize disruption.
          c. Release Notes: Document all new features, enhancements, and fixes for each release. Share this information with stakeholders and clients.
10. Issue Tracking and Bug Resolution
          a. Issue Management: Track issues using an established system (e.g., Jira, GitHub Issues). Assign priority and severity to guide resolution timelines.
          b. Response Time: Define a response and resolution time for different levels of issues (e.g., critical, major, minor).
          c. Bug Fixing Protocol: Follow a strict protocol for fixing bugs, including regression testing before deployment.
11. Customer Data Protection
          a. Access Controls: Limit developer access to production data and use mock or anonymized data for testing.
          b. Encryption: Enforce encryption for sensitive customer data.
          c. Logging and Monitoring: Implement monitoring tools to detect and prevent unauthorized access attempts and track any unusual data access.
12. Continuous Improvement and Learning
          a. Code Reviews: Conduct code reviews for every pull request. Encourage constructive feedback and knowledge sharing.
          b. Training: Ensure developers undergo regular training on security best practices, compliance updates, and relevant technology advancements.
          c. Feedback Loop: Maintain a feedback loop with the customer support and product teams to improve the system based on real user feedback.
13. Termination and Transition
          a. Data Ownership: Ensure that user data remains the property of the user, in compliance with privacy laws.
          b. Data Portability: Provide a mechanism for users to export their data in a commonly used format.
          c. End-of-Life Policies: Clearly communicate to users in advance about any end-of-life (EOL) policies for features or products, and assist with data migration if necessary.