This document outlines a company's approach to security, detailing how customer data is protected and how security concerns are handled. It provides clear channels for customers to report account attacks and for security researchers to disclose vulnerabilities through a bug bounty program. The company commits to investigating and resolving issues, ensuring proper credit for discoveries.

This document outlines the ownership policy for Basecamp 4 accounts, clarifying that accounts are owned by individuals, not organizations. It details the capabilities of account owners, including data access, subscription management, and the ability to designate other owners. The policy also addresses procedures for account access when current owners are unavailable, emphasizing the need for permission or a court order.

This document outlines the process for copyright owners to report alleged infringement of their work on Basecamp products under the Digital Millennium Copyright Act (DMCA). It also details the procedure for users to file a counter-notification if they believe their material was removed in error. The document specifies the required information for both types of notices and where to send them.

This document is the Creative Commons Attribution 4.0 International Public License (CC BY 4.0). It grants users (licensees) worldwide, royalty-free rights to reproduce, share, and adapt licensed material, provided they give appropriate attribution to the creator. The license outlines the conditions for exercising rights over copyrighted and similar materials, including Sui Generis Database Rights.

This document outlines the cancellation policy for various online services provided by 37signals. It details the steps users can take to cancel their accounts, explains what happens to data and billing after cancellation, and describes circumstances under which 37signals may initiate account termination, such as inactivity or abusive behavior.

This document is a California Resident Notice at Collection, designed to inform California residents about the collection, use, and disclosure of their personal information as required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). It outlines categories of personal information collected, the purposes for its use, and the types of third parties with whom it may be disclosed. The notice also addresses rights related to the 'sharing' and 'selling' of personal information, and includes a 'Shine the Light' disclosure.

This document provides a list of third-party subprocessors utilized by HEY, including cloud computing, payment processing, and customer support providers. It emphasizes that HEY maintains GDPR-compliant data processing agreements with each subprocessor to safeguard personal data. The list details each subprocessor's service and geographic location.

This document outlines Basecamp's recruitment privacy policy, detailing the types of personal data collected from job applicants, how it is stored in their applicant tracking systems (Workable and Basecamp), and the duration for which it is retained. It also informs applicants about their rights to access, correct, update, or delete their data, and provides guidance for EU residents regarding GDPR complaints.

This document provides a list of third-party subprocessors utilized by Highrise, including cloud computing, payment processing, and customer support services. It highlights that Highrise maintains GDPR-compliant data processing agreements with each subprocessor to ensure personal data safeguards. All listed subprocessors are located in the United States.

This document provides an overview of the security measures implemented by a service provider to protect user data. It details practices such as data encryption in transit and at rest, redundancy for systems, physical security of servers, regular infrastructure updates, and protection of billing information. The document emphasizes the company's commitment to data security and its long history in business.