Security Policy

Last Revised On: March 17th, 2016

VERSION 1.0

homezen (the “Company”) takes the security of customer personal information very seriously. This Website and its related services implement multi-layer controls to protect sensitive information.

Some of the controls are:

  • Authentication (One-Time Password): To provide a superior level of assurance, our account login is protected by a one-time password system. When you sign up, you will associate your account with a phone number or email address. When logging in, a secure one time use password will be sent to you. This password is valid only for a very limited time. You will receive and use a new one-time password each time you log in.
  • Per-device login expiration: To protect from unauthorized access, when you log in from a particular device and browser, you will be able to access the site for only a limited number of days before you must log back in. We strongly recommend you log out of the signed in device when you are finished using the site, and log back in when you return.
  • Encryption by default: All connections from your device to HomeZen’s website and platform are protected against eavesdropping by industry-standard encryption available on your device. All data stored with HomeZen is encrypted at rest with industry-standard cryptography.
  • Protected Infrastructure: The systems that run HomeZen are protected by multiple layers of infrastructure security including HTTP firewalls, network firewalls, strict identity & access management, and strong operating system security controls. The systems are monitored 24/7. HomeZen follows Open Web Application Security Project (OWASP) recommendations for application controls and protections.
  • Security procedures: HomeZen follows strict internal security policies, procedures, and protocols to secure information entrusted with us. These include: using 2-factor authentication on every corporate system and service possible, strictly limiting permissions and access to data and services, and incident mitigation and handling that follow industry best practices.

We have the right to assume that anyone accessing the authorized areas of this Website using a one-time password has the right to do so. Any transactions on this Website, including, but not limited to accessing account information, initiated by a user or person(s) acting on behalf of the user by entering the correct one-time password is deemed to be acting with the full authority of the user.

The user is responsible for maintaining control of the phone number or email address to which one-time passwords are sent. The user will be solely responsible for the activities of anyone accessing this Website using an account assigned to the user, even if the individual is not, in fact, authorized by the user. If a user’s phone number or email address is compromised, the user must both notify the Company immediately and must update the phone number or email address.

In accordance with the provisions of applicable law, if there is a breach of the security of the Website that results in the compromise or disclosure of personally identifiable information, we will inform those affected as required.

We reserve the right to prevent a user’s access to this Website should we have reason to believe the user’s account has been compromised. We make no affirmative undertaking that the security features listed above will be updated, enhanced or replaced at any particular time or upon any particular event.

If you do not agree to these terms and conditions, you are not authorized to access or use the Website and you are to cease accessing or otherwise using the Website.

If you have any questions or concerns about this Policy or the security of the Website, please contact us at security@myhomezen.com.