
Terms and Conditions


 

1. Introduction

Welcome to HeyBud, an AI-powered food and travel discovery application owned and operated by HeyBud Software Inc., headquartered in New York. By accessing or using our services, you agree to abide by these terms and conditions. Please read them carefully before using the app.

 

2. Eligibility

You must be at least 18 years old or have parental consent to use this app. By using our app, you confirm that you are legally able to enter into a binding contract.

 

3. User Account

You may be required to create an account to access certain features. You are responsible for maintaining the confidentiality of your login credentials. You agree to notify us immediately of any unauthorized use of your account.

 

4. App Usage

You agree to use the app only for lawful purposes and in accordance with these terms. You may not:

- Use the app to engage in any unlawful activities.

- Reproduce, distribute, or create derivative works from our content without permission.

- Interfere with the app’s operation or security.

 

5. AI Recommendations

The app provides AI-generated recommendations. These are suggestions only and not guarantees of quality or accuracy. We are not liable for any loss or damage resulting from reliance on these recommendations.

 

6. Payments and Fees

Any payments made for premium features, travel bookings, or restaurant reservations through the app are final and non-refundable unless stated otherwise. Additional fees for third-party services may apply.

 

7. Intellectual Property

All content, including but not limited to text, images, and software, is owned by HeyBud Software Inc. or its licensors. You may not use our intellectual property without express written permission.

 

8. Third-Party Links

The app may contain links to third-party websites and services. We are not responsible for the content or practices of these third parties.

 

9. Limitation of Liability

To the maximum extent permitted by law, we shall not be liable for any indirect, incidental, or consequential damages arising out of your use of the app.

 

10. Termination

We reserve the right to terminate or suspend your account at our discretion if you violate these terms.

 

11. Governing Law

These terms will be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws principles. Any disputes will be resolved exclusively in the state or federal courts located in New York, NY.


HeyBud Software Inc. Cybersecurity Profile

 

 1. Overview

HeyBud Software Inc., a Delaware C-Corp, operates within the technology space, specifically focusing on a B2C social platform and AI-driven food and travel applications. The company deals with a significant amount of user data, including personally identifiable information (PII), transaction details, user-generated content, and analytics. Ensuring the security of this data is paramount to maintaining trust with users and compliance with data protection regulations.

 

 2. Security Objectives

- Confidentiality: Protect user and company data from unauthorized access.

- Integrity: Ensure that data is accurate and safeguarded from unauthorized modification.

- Availability: Maintain uptime and access to services and data for authorized users.

- Compliance: Align with industry standards and legal requirements (e.g., GDPR, CCPA, PCI-DSS, etc.).

- Resilience: Implement mechanisms for quick recovery in case of security incidents or data breaches.

 

 3. Key Cybersecurity Policies

Access Control and Authentication  

   - Implement multi-factor authentication (MFA) for internal systems and user accounts.

   - Role-based access control (RBAC) for sensitive data and resources.

   - Password policies mandating complexity, periodic updates, and encryption.

 

Encryption and Data Security  

   - End-to-end encryption (E2EE) for all data at rest and in transit.

   - Regularly updated TLS/SSL certificates for secure communication.

   - Secure APIs for third-party integrations, ensuring encrypted data exchange.

 

Network and Application Security  

   - Use firewalls, intrusion detection/prevention systems (IDS/IPS), and secure cloud infrastructure.

   - Regular vulnerability scans and penetration testing.

   - Secure software development lifecycle (SDLC), with code reviews and testing.

 

Incident Response and Disaster Recovery  

   - Incident response team and a playbook for managing breaches, including communication protocols.

   - Data backup policies with regular snapshots and offsite storage.

   - Business continuity plan to minimize downtime during cyber incidents.

 

Third-Party Risk Management  

   - Due diligence and security assessments of all third-party vendors.

   - Secure data sharing agreements and periodic reviews of compliance.

 

Employee Training and Awareness  

   - Mandatory security awareness training for employees, focusing on phishing, malware, and insider threats.

   - Social engineering prevention programs.

 

 4. Threat Model

- External Threats: Hackers, malware, ransomware, DDoS attacks.

- Internal Threats: Insider threats, employee errors, or malicious actors.

- Third-Party Risks: Vendors or partners who may expose vulnerabilities.

- Data Breaches: Theft or exposure of PII or sensitive company information.

 

 Data Loss Prevention (DLP) Program for HeyBud Software Inc.

 

 1. DLP Program Goals

- Prevent the unauthorized transfer or disclosure of sensitive user and company data.

- Protect intellectual property (IP) and other confidential information.

- Ensure compliance with regulations governing data privacy and security.

 

 2. Core Components of the DLP Program

  Data Classification  

   - Classify data into different categories (e.g., PII, financial data, confidential, public) based on its sensitivity.

   - Label and tag data appropriately to ensure it is treated according to its classification.

 

Data Monitoring and Protection  

   - Implement DLP software tools to monitor and analyze the movement of sensitive data across the network.

   - Prevent unauthorized uploads, downloads, email attachments, or cloud sharing of classified data.

   - Set up alerts for potential violations or suspicious data transfers.

 

Endpoint Security  

   - Protect all endpoints (computers, mobile devices, and cloud servers) with encryption, antivirus, and DLP agents.

   - Control external device usage, including USB ports and removable media, to prevent data exfiltration.

 

Encryption Protocols  

   - Enforce encryption for all sensitive data at rest and in transit, using AES-256 or higher standards.

   - Require secure transmission protocols such as HTTPS, SFTP, and VPNs for remote access.

 

User Education and Access Control  

   - Educate users on data handling policies, including how to avoid inadvertent data loss.

   - Limit access to sensitive data on a need-to-know basis, using RBAC and least privilege principles.

 

Incident Management and Response  

   - DLP systems should trigger automatic incident responses, such as logging out users, blocking suspicious transfers, and alerting the security team.

   - Forensic investigation protocols to understand the cause of any data loss and determine the proper remediation steps.

 

 3. Monitoring and Reporting

- Regular Audits: Conduct audits of data flows, storage locations, and access logs to identify potential weaknesses or policy violations.

- Automated Alerts: Real-time alerts for data exfiltration attempts or breaches, allowing immediate intervention.

- Reporting Framework: Provide detailed reports on data movement, security incidents, and DLP performance to management and regulatory bodies, if necessary.

 

 4. Compliance and Legal Considerations

- GDPR & CCPA: Ensure compliance with regulations that require data protection measures and grant users rights over their data (e.g., right to be forgotten, data portability).

- Data Retention: Implement policies that govern data retention and deletion based on legal and business requirements.

- Breach Notification: Have procedures in place to notify affected users and authorities in the event of a data breach.
