Security Policy

Basic Principle

We (PLAID, Inc.) would like to provide a personalized service experience to every customer through the business of CX (customer experience) platform "KARTE". This is a service that enables website operators to analyze the characteristics of visitors in real time and to provide "hospitality" that is most suitable for their characteristics.

For the analysis, we need information such as customers' action history and purchase history. This asset of information handled in our business is extremely important as our management base and also valuable for the customers.

We recognize the importance of protecting these information assets from risks such as leakage, damage, loss, etc. All of our board members and all of our employees comply with this basic policy and maintain information security such as confidentiality, completeness, and availability of these information assets.

Basic policy

1. In order to protect information assets, we formulate basic information security policy, conduct business accordingly, and observe laws, regulations and other norms related to information security and contract agreement with customers.
2. We clarify the criteria for analyzing and evaluating risks such as leakage, damage, and loss of information assets, establish a systematic risk assessment method, and periodically carry it out. Based on the assessment results, we will implement necessary and appropriate security measures.
3. We establish an information security system supervised by the board member in charge and clarify the authority and responsibility regarding information security. Also, we regularly conduct education, training and enlightenment to all employees so that they recognize the importance of information security and handle information assets properly.
4. We regularly inspect and audit the compliance status of information security policy and the handling of information assets and we will promptly take corrective action for any incompleteness or items to be improved.
5. In addition to taking appropriate measures against the occurrence of information security events and incidents, we establish procedures for minimizing damage. In particular, for incidents involving business 　interruption, we establish a management framework and regular response, restore tests and review over it, to ensure our business continuity.
6. We establish ISMS, a management system for information security, implement it, continuously review it, and make improvements.