Trust & Safety

Security & Compliance

Your data needs to be protected, and your systems need to meet the industry and regulatory requirements that apply to you.

Producer Framework is developed and owned by HQ Foundry Labs Pte. Ltd. ("HQ Foundry"). We understand that you can't do your job well without confidence that the systems you use are secure and compliant. This page summarises how we work to ensure that. If you or your company's compliance team need more information, please don't hesitate to get in contact.

Security Implementation Summary

01

Enforcement of HTTPS (TLS/SSL)

Implemented HTTPS with valid SSL/TLS certificates. Redirects all HTTP traffic to HTTPS and enforces HSTS.

02

Database Encryption

Sensitive data is encrypted using AES (256-bit) for data at rest. In-transit data is secured with TLS. User passwords are hashed using bcrypt or Argon2.

03

Authentication & Authorization

Multi-factor authentication (MFA) is required for all accounts. Strong password policies and role-based access control (RBAC) are in place. Utilizes token-based authentication (JWT) for secure sessions.
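To illustrate the token-based (JWT) session authentication named above, the following is an added example written for this page, not HQ Foundry's own implementation. It signs and verifies an HS256 JWT with the Python standard library only, pins the algorithm so a token whose header claims "none" (or any other algorithm) is rejected, and refuses expired tokens. The secret, claim names and timestamps are assumed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Added example: minimal HS256 JWT issue/verify using only the standard library.
# The secret and claims used below are assumed values for illustration.


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding that JWT base64url strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_jwt(claims: dict, secret: bytes, ttl_seconds: int, now=None) -> str:
    """Sign `claims` as an HS256 JWT that expires `ttl_seconds` after `now`."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = f"{_json_segment(header)}.{_json_segment(payload)}"
    signature = hmac.new(secret, signing_input.encode("utf-8"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes, now=None):
    """Return the payload if `token` is well-formed, signed with `secret` under
    HS256 and not yet expired; otherwise return None.

    The algorithm is pinned to HS256 before the signature is checked, so a
    header of {"alg": "none"} or a switched algorithm can never be accepted.
    """
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
        signature = _b64url_decode(s)
    except ValueError:
        # Wrong segment count, bad base64 (binascii.Error) or bad JSON
        # (JSONDecodeError) all subclass ValueError.
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or now >= exp:
        return None
    return payload


if __name__ == "__main__":
    secret = b"assumed-server-secret-change-me"  # assumed value, not a real key
    tok = issue_jwt({"sub": "user-42", "role": "producer"}, secret, ttl_seconds=900, now=1_700_000_000)
    print(verify_jwt(tok, secret, now=1_700_000_100))  # payload dict
    print(verify_jwt(tok, secret, now=1_700_001_000))  # None: expired
```

The two checks that matter most in practice are the algorithm pin and the constant-time signature comparison; a verifier that trusts the header's `alg` field, or compares signatures with `==`, undoes the protection the token is supposed to give.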

04

SQL Injection Prevention

Uses prepared statements and parameterized queries so that user input is never interpreted as SQL. Inputs are validated against their expected format before use.
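The difference between the two query styles is easiest to see side by side. The following is an added example written for this page (not HQ Foundry's code, and the table, usernames and attacker input are constructed): the string-built query lets a quote character change the query's structure, the parameterized query compares the same input as plain data, and an allowlist check rejects the input before it reaches the database at all.

```python
import re
import sqlite3

# Added example. Constructed sample table; not HQ Foundry's schema.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Allowlist for the expected username format; checked before the value is used.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_email_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The 'before' pattern: the value is spliced into the SQL text, so a quote
    in the input terminates the literal and the rest becomes SQL."""
    sql = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_email_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the driver binds the value separately from the
    statement, so it is compared as data and never parsed as SQL."""
    rows = conn.execute("SELECT email FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def lookup_email(conn: sqlite3.Connection, username: str) -> list:
    """Both controls together: reject input that does not match the expected
    format, then query with a bound parameter."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username has unexpected format")
    return lookup_email_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    attacker_input = "x' OR '1'='1"  # constructed injection payload
    print(lookup_email_vulnerable(db, attacker_input))     # every email in the table
    print(lookup_email_parameterized(db, attacker_input))  # []
    print(lookup_email(db, "alice"))                        # ['alice@example.com']
```

Validation is a second layer, not a substitute: the parameterized query alone already defeats the injection, and the allowlist additionally stops malformed input from reaching any downstream code.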

05

XSS Protection

User-generated content is sanitized, the templating framework applies context-aware output encoding by default, and Content Security Policy (CSP) headers are set to limit what the browser will execute.

06

CSRF Protection

Anti-CSRF tokens are integrated into forms and sensitive actions.
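One way such a token can be issued and checked, as an added example written for this page rather than HQ Foundry's own implementation: each token is a random nonce plus an HMAC over the session id and that nonce, so a token minted for one session cannot be replayed in another, and the gate for state-changing requests also rejects a mismatched `Origin` header. The secret, session ids and origin are assumed values.

```python
import hashlib
import hmac
import secrets

# Added example. The secret, session ids and site origin are assumed values.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def issue_csrf_token(server_secret: bytes, session_id: str) -> str:
    """Token = nonce.HMAC(secret, session_id:nonce).

    Binding the MAC to the session id means a token obtained in one session
    is useless for forging requests in another."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(server_secret, f"{session_id}:{nonce}".encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(server_secret: bytes, session_id: str, token: str) -> bool:
    parts = token.split(".", 1)
    if len(parts) != 2:
        return False
    nonce, mac = parts
    expected = hmac.new(server_secret, f"{session_id}:{nonce}".encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes (tolerates arbitrary input characters).
    return hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8"))


def allow_request(method: str, headers: dict, form: dict,
                  server_secret: bytes, session_id: str, site_origin: str) -> bool:
    """Gate for a sensitive endpoint: safe (read-only) methods pass; any other
    method must come from the site's own origin when an Origin header is sent,
    and must carry a valid token for the current session."""
    if method.upper() in SAFE_METHODS:
        return True
    origin = headers.get("Origin")
    if origin is not None and origin != site_origin:
        return False
    return verify_csrf_token(server_secret, session_id, form.get("csrf_token", ""))


if __name__ == "__main__":
    secret = b"assumed-csrf-secret"  # assumed value
    token = issue_csrf_token(secret, "sess-1")
    print(allow_request("POST", {"Origin": "https://app.example"}, {"csrf_token": token},
                        secret, "sess-1", "https://app.example"))  # True
    print(allow_request("POST", {"Origin": "https://evil.example"}, {"csrf_token": token},
                        secret, "sess-1", "https://app.example"))  # False
```

The token is only meaningful if it is delivered in the page (form field or header) and never in a cookie alone; a cookie would be sent automatically by the victim's browser, which is exactly the behaviour CSRF exploits.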

07

Firewall & WAF

Deployed network firewalls and a WAF to block malicious traffic. Regular updates to firewall rules and rate-limiting measures are enforced.

08

Software & Patch Management

Maintains up-to-date software with prompt application of security patches. Libraries and dependencies are reviewed regularly to identify and remediate known vulnerabilities.

09

Security Audits & Monitoring

Comprehensive logging and a SIEM system for real-time monitoring. Regular vulnerability assessments and credential reviews.

10

Backup & Disaster Recovery

Automated encrypted backups with periodic restoration tests. Geographically redundant storage and an incident response plan are in place.

NoPiiData

Your data security is our top priority, so we offer an optional opt-in to our NoPiiData system. We understand the importance of protecting your sensitive information, and we have implemented world-class measures to ensure its safety.

Our primary security policy, NoPiiData, provides an innovative approach to data protection. Instead of storing your data on our servers, you keep it in your own secure Google Drive. This means your information is safeguarded by Google's industry-leading security standards, which include robust encryption, regular security audits, and advanced threat detection systems.

Critical Benefits of NoPiiData

Google's Security

Your data benefits from the same security measures that protect millions of users worldwide. Google's security infrastructure is one of the most advanced in the industry, ensuring top-tier protection.

Data Decentralization

By storing each user's data separately, a single breach cannot expose multiple users' records. In the unlikely event of a security incident, only that individual's data is at risk, and no other user's information can be reached from it. If the user also activates our OTP/2FA (two-factor authentication), a compromised or phished password alone is not enough to access the account, which further limits the exposure.

Data Privacy

HQ Foundry does not retain your data: it is read from your own Google Drive only while a task runs, with your permission, and nothing is stored on our servers afterwards. This keeps your sensitive data under your ownership and control.

Financial Data

HQ Foundry does not collect or store any client financial data. Any financial figures displayed are for presentation purposes only. Any financial information entered into our presentation roadmap tools is erased on sign out.

How NoPiiData Works

Within each user's Producer Framework account settings there is an option to enable the NoPiiData system. If the user already has client data in the Producer Framework system, it is migrated to their Google Drive. This process can take up to a week, as our tech team confirms every migration to make sure it is properly secured. Once the account is migrated, all new data entered automatically uses the NoPiiData system, and all data held on the Producer Framework system is removed.

When the Producer Framework system uses data with permission from the user's hidden Google Drive, it is used as a reference point, and no data is stored on the Producer Framework system once the specific task is complete. This ensures there is no way for HQ Foundry as a third party to collect, observe, or share the data that users have entered into the NoPiiData system.

Compliance

Our robust measures align with the highest industry standards, ensuring your information is protected and your trust is earned. Here's how we meet key compliance requirements set by the Monetary Authority of Singapore (MAS) and Prudential standards.

1. Data Protection and Privacy

  • Personal Data Protection Act (PDPA): HQ Foundry complies with PDPA by implementing policies and procedures for the proper collection, use, and disclosure of personal data. Regular training ensures all employees understand their obligations under PDPA.
  • User Client Consent: HQ Foundry provides a consent collection tool so users can obtain specific consent from their clients to receive communications and to have their data stored on the system.
  • Notification: The notification of individuals of the purpose for which their personal data is being collected, used, or disclosed is done at the time of collection through the use of the Consent tool.
  • Confidentiality Agreements: All employees and third-party vendors sign confidentiality agreements. Access to sensitive data is restricted based on roles and responsibilities.
  • Purpose Limitation: HQ Foundry collects and uses personal data only for purposes that a reasonable person would consider appropriate and to which the individual has consented.
  • Access and Correction: Users can update and correct their information at any time. User clients can access their personal data upon request.
  • Protection: HQ Foundry has implemented required security arrangements including NoPiiData, OTP-2FA, and consent tools, as well as internal policies and training.
  • Retention Limitation: HQ Foundry ceases to retain personal data when it is no longer necessary for business or legal purposes. All data can be removed at the request of the user.
  • Transfer Limitation: HQ Foundry ensures that ALL DATA remains within Singapore and is neither shared with nor stored in any other country.

2. Cybersecurity

  • Cyber Hygiene Notices: HQ Foundry adheres to MAS guidelines by conducting regular security audits, applying patches promptly, and enforcing strong authentication methods, including multi-factor authentication (MFA).
  • Cybersecurity Act: HQ Foundry has implemented a cybersecurity framework that includes incident response plans, continuous monitoring, and regular security assessments. Significant incidents are always reported to MAS as required.
  • OTP/2FA: HQ Foundry provides a One-Time Password, Two-Factor Authentication system to prevent unauthorised third-party login.
  • Cybersecurity History: To date HQ Foundry has had ZERO cybersecurity incidents or breaches.

3. Risk Management

  • Operational Risk Management: HQ Foundry has created a LOW RISK operational program, complemented by regular risk assessments, internal controls, and monitoring mechanisms to manage and mitigate operational risks.
  • Third-Party Risk Management: HQ Foundry conducts due diligence on all third-party vendors to ensure they comply with relevant regulations and maintain high-security standards.

4. Regulatory Reporting

  • Timely Reporting: HQ Foundry has a 24-hour timeline for the reporting of data breaches, cybersecurity incidents, and other compliance issues to MAS, ensuring transparency and accountability.
  • Accurate Records: HQ Foundry maintains accurate and complete records of all transactions, communications, and compliance activities.

5. AML/CFT Compliance

  • Anti-Money Laundering (AML): HQ Foundry operates in a very low risk area for money laundering activity, however an AML policy is in place, including customer due diligence, transaction monitoring, and suspicious activity reporting.
  • Countering the Financing of Terrorism (CFT): HQ Foundry complies with CFT regulations by screening against sanction lists and ongoing identification of suspicious client activities.

6. Data Storage and Transmission

  • Encryption Standards: HQ Foundry uses industry-standard encryption methods to protect data in transit and at rest, ensuring unauthorized access is prevented.
  • Data Localization: HQ Foundry complies with data localization requirements by ensuring that data is stored within local data centres.

7. Client Communication and Transparency

  • Clear Communication: HQ Foundry ensures transparent communication with clients regarding data storage, use, and protection policies.
  • Consent Management: HQ Foundry obtains explicit consent from users and user clients for data collection and processing activities, ensuring compliance with PDPA and maintaining client trust.

8. Additional Compliance

  • Financial Guidelines: HQ Foundry adheres to prudential guidelines set by MAS, including maintaining adequate capital reserves, liquidity management, and regular financial reporting to ensure financial soundness.
  • Business Continuity Planning: HQ Foundry has robust business continuity and disaster recovery plans in place, including regular testing and updates, to ensure minimal disruption to services in the event of an incident.

By addressing these compliance issues comprehensively, HQ Foundry ensures alignment with MAS regulations and maintains high standards of security, privacy, and operational integrity, thereby fostering trust and reliability in its services.