Security Measures

Last updated: July 17, 2025

At Poslog, Inc., protecting the security and privacy of the personal data we process is a top priority. We implement a combination of technical, organizational, and physical safeguards in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

Below is an overview of the key measures we take to protect personal data:

1. Data Encryption

  • In Transit: All data transmitted between users and our servers is encrypted using TLS 1.2 or higher.
  • At Rest: Data stored in our databases, including user-uploaded media such as photos and videos, is encrypted using AES-256 encryption.
  • Media Isolation: Visual content is stored in protected buckets with restricted access control based on roles.

2. Access Control

  • Role-Based Access: Internal access to personal data is limited to authorized personnel based on job responsibilities.
  • Authentication: All internal systems and third-party admin dashboards require multi-factor authentication (MFA).
  • Audit Logging: Access to production systems is logged and periodically reviewed.

3. Infrastructure Security

  • Role-Based Access: Internal access to personal data is limited to authorized personnel based on job responsibilities.
  • Authentication: All internal systems and third-party admin dashboards require multi-factor authentication (MFA).
  • Audit Logging: Access to production systems is logged and periodically reviewed.

4. Data Minimization & Retention

  • We collect and process only the data necessary to provide our services.
  • Data is retained only for as long as required for service provision, or as requested by the user.
  • Users may delete their data at any time through the app or by contacting support.

5. Data Subject Rights & Privacy Controls

Users have the ability to:

  • Access and review their stored data
  • Request deletion of their personal data
  • Control sharing settings for exercise logs

Requests can be submitted via our app or by contacting us at support@poslog.com.

6. Subprocessors

We engage the following subprocessors to help provide our services:

Subprocessor
Purpose
Location
Google Cloud
Hosting, storage, analytics, authentication
United States
Stripe
Payment processing
United States
RevenueCat
Subscription management
United States

7. Physical Security

  • Employee devices are secured with full-disk encryption and screen locking.
  • Access to production systems is restricted to cloud environments only—no data is stored on local machines.
  • Our company operates as a remote-first team, with no central office storing physical data.

8. Security Testing & Incident Response

  • Vulnerability Management: We use static and dynamic analysis tools during development and monitor dependencies for known vulnerabilities.
  • Incident Response: In the event of a data breach, we will notify affected data controllers without undue delay and take immediate corrective measures.

Contact

If you have questions about our security practices or would like additional documentation (e.g. for DPA or vendor reviews), please contact us by email at support@poslog.com or by post at:

Poslog, Inc.
522 W Riverside Ave Ste N
Spokane, WA 99201
United States