Read and download the full Information Security Policy on our trust portal:
https://trust.buildbetter.ai/resources?s=82ed75cltv69qy292r9sgi&name=information-security-policy-(aup)

Information Security Policy Summary

Effective Date: January 1, 2023
Policy Owner: Spencer Shulem, CEO

Purpose & Scope

This policy outlines acceptable use and required protections for Build Better, Inc.’s systems, networks, and data. It applies to all employees, contractors, and third parties accessing Build Better, Inc. assets.

Security is a shared responsibility, and all personnel are required to act in accordance with this policy and report incidents promptly.


Key Security Controls

Device & Mobile Security

  • All end-user devices must be:
    • Locked with a password or biometric
    • Set to auto-lock after 5 minutes
    • Encrypted if storing or accessing confidential data
  • Confidential data may not be stored on USB drives or personal devices.
  • Lost or misused devices must be reported immediately.

Access Controls

  • Passwords must follow the Access Control Policy.
  • Users may not share credentials or leave devices unattended and unlocked.
  • All VPN and remote access tools must be company-approved and use MFA.

Clear Desk & Clear Screen

  • Users must lock screens when not in use.
  • Confidential materials must not be left visible or unsecured in the workspace.

Acceptable Use & Unacceptable Activities

Build Better, Inc. systems are for authorized business use only. Prohibited activities include:

  • Unauthorized software installs or access
  • Network sniffing, denial of service, or unauthorized scanning
  • Storing or transmitting copyrighted, offensive, or malicious material
  • Sharing confidential data without permission
  • Bypassing security mechanisms or using rogue software

Incident Reporting

All suspected security incidents or policy violations must be reported immediately to:
security@buildbetter.app

Whistleblower protections are in place to encourage good-faith reporting of violations, fraud, or misconduct.


Remote Access & Public Network Use

  • Only authorized, encrypted remote access (e.g., VPN with MFA) is permitted.
  • Public Wi-Fi use requires VPN.
  • Users must not save credentials or download data on public/shared machines.

Linked Security Policies

This policy incorporates and references the following:

  • Access Control Policy
  • Cryptography Policy
  • Data Management Policy
  • Secure Development Policy
  • Incident Response Plan
  • Risk & Asset Management
  • Business Continuity & Disaster Recovery
  • Operations & Physical Security

Personnel are required to understand and follow all applicable linked policies.


Compliance & Enforcement

  • Audits and monitoring are conducted regularly.
  • Violations may result in disciplinary action, including termination.
  • Exceptions must be approved by the IT Manager.
