Data Breach Policy

A personal data breach is a security incident that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data.

Examples of data breaches include:

• Unauthorized access to our systems resulting in personal data being accessed
• Accidental loss or deletion of personal data
• Personal data being sent to the wrong recipient
• Personal data being altered without authorization
• Ransomware or malware attacks affecting personal data
• Physical theft of devices containing personal data

Under GDPR, we are required to notify the relevant supervisory authority (data protection authority) of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.

Our notification to the supervisory authority includes:

• Description of the nature of the breach
• Categories and approximate number of data subjects affected
• Categories and approximate number of personal data records concerned
• Likely consequences of the breach
• Measures taken or proposed to address the breach

We will notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

When we notify you:

• The breach is likely to result in a high risk to your rights and freedoms
• Your personal data has been compromised in a way that could cause harm
• Immediate action is needed to protect your interests

What the notification will include:

• Description of the nature of the breach
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Recommendations for steps you can take to mitigate potential adverse effects
• Contact information for our data protection team

If we need to notify you about a data breach, we will contact you using the primary email address associated with your EarnLayer account.

In cases of high-risk breaches, we may also:

• Post a notice on our website
• Send notifications through our application
• Use other communication channels if email is not available

If you receive a breach notification from us, we recommend:

• Review the notification carefully - Understand what data may have been affected and what risks you may face
• Change your password - If your account credentials may have been compromised, change your password immediately
• Monitor your accounts - Keep an eye on your EarnLayer account and any other accounts that use the same email or password
• Enable two-factor authentication - If not already enabled, add an extra layer of security to your account
• Review your account activity - Check for any unauthorized access or changes
• Report suspicious activity - If you notice anything unusual, contact us immediately

If you suspect a data breach or notice any suspicious activity related to your EarnLayer account, please contact us immediately:

We implement comprehensive security measures to prevent data breaches, including:

• Encryption - All data in transit and at rest is encrypted using industry-standard protocols
• Access Controls - Strict access controls and authentication requirements
• Regular Security Audits - We conduct regular security assessments and penetration testing
• Employee Training - All staff receive regular security and data protection training
• Incident Response Plan - We maintain a documented incident response procedure
• Monitoring and Detection - Continuous monitoring for suspicious activity
• Backup and Recovery - Regular backups and tested recovery procedures