< Back
Home
/
Policies & Legal Resources
/
Privacy Center
/
Privacy and Security Principles

Privacy and Security Principles

Private and Secure
Private and Secure by DesignWe Respect PrivacyCustomer Information and RightsWe Protect DataOur Layered Security ApproachReport Security Vulnerabilities

Terms and Agreements

We’re committed to earning and maintaining Partner and Customer trust by focusing on six key principles:

  • Privacy: We respect your privacy and handle data with integrity. We don’t sell data.
  • Control: We give you ownership and put you in control of your personal information.
  • Transparency: We are transparent about data collection and use so you can make informed decisions.
  • Security: We protect the data you entrust to us with strong, industry-leading security.
  • Legal Compliance: We respect your local privacy laws and regulation.
  • Benefits to You: When we do collect data, we use it to benefit you and improve your experiences.

We Respect Privacy

The collection of certain data is essential to the function of automation and IT communication—its collection and use is what makes homes and businesses “smart.” The secure storage and appropriate use of that data are of the utmost importance to Snap One (NASDAQ: SNPO). Our commitment to privacy and data security is reflected across all our solutions and brands.

We respect your right to privacy and believe your data should be handled with integrity and confidence. We’re dedicated to strict and proactive standards for data privacy, because we believe trust must be earned. Snap One continuously evaluates and adjusts our security and privacy practices to ensure your data is protected and used appropriately.

See Our Full Privacy Policy

Customer Information and Rights

Data is used to provide core functions of our solutions, troubleshoot with systems or accounts, send notifications and relevant technical communications, and improve the functionality of our products.

Snap One does not sell or rent personal information to third-party companies. Some customer information may be shared with business partners in order to:

  • Process credit card payments
  • Ship and deliver products
  • Fulfill orders
  • Manage or host customer data
  • Assess satisfaction and interest in our products and services

Our business partners are obligated to adhere to the same principles and agreements defined in our privacy policy, and Snap One requires these partners to provide assurance of adequate data protection.

Customers have the right, depending on jurisdiction and applicable laws, to:

  • Be provided with a copy of their personal information held by us.
  • Request the correction or deletion of their personal information held by us.
  • Request that their personal information be transferred to a third party.
  • Withdraw consent for the collection of personal data.

Advice and information on how to make the above requests can be found in our privacy policy.

We Protect Data

Snap One engineers and security personnel are proactive in safeguarding customer data. We build products following industry standards and secure methods. We use a variety of methods to continuously improve the security of our customers and partners.

  • We are armed with an array of security tools that protect and monitor for threats 24/7.
  • We stay in close alignment with law enforcement and monitor automation and smart home threat vectors.
  • We regularly update the security of customer, dealer, and organization systems through patches, configuration changes, and notifications to dealers.
  • We continually collaborate internally on a daily basis to keep products, apps, websites, and services safe for all customers and dealers.

Our Layered Security Approach

Data Center & Network Security
  • Facilities: Snap One servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Data center facilities are powered by redundant power, each with UPS and backup generators.
  • On-site Security: Our data center facilities feature a secured perimeter with multi-level security zones, CCTV video surveillance, physical locks, and security breach alarms.
  • Monitoring: Production network systems, networked devices, and circuits are continuously monitored and logically administered by staff. Physical security, power, and internet connectivity for cloud-provided services are proactively managed and monitored by the managed services providers. On a routine basis, we evaluate cloud provider compliance and SOC compliance audits.
Network Security
  • Dedicated Security Team: Our Security Team is on call 24/7 to respond to security alerts and events
  • Protection: Our network is protected by redundant firewalls, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS), which monitor and/or block malicious traffic and network attacks. For internal networks, we leverage IEEE standard 802.1x for wired and wireless network authentication methods.
  • Architecture: Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
  • Network Vulnerability Scanning: We leverage network security scanning that provides deep insight and quick identification of out-of-compliance or potentially vulnerable systems.
  • Threat Intelligence Program: Snap One participates in threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and proactively take action based on our risk and exposure. Security Incident Response - In case of a system alert, events are escalated to our 24/7 Incident Response Team, who are trained on security incident response processes, including communication channels and escalation paths.
  • Penetration Testing: We conduct annual third-party penetration tests along with quarterly internal penetration tests.
Availability & Continuity
  • Uptime: Snap One maintains a system-status log which includes system availability details, scheduled maintenance, service incident history, and relevant security events.
  • Redundancy: Snap One employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across primary and secondary DR systems and facilities. Our co-location databases are stored on efficient Flash Memory devices with multiple servers per database cluster.
Email & End-Point Protection
  • Email Protection: We leverage next-generation email protection. Our solution is AI and machine learning-based and has an event detection and response team that provides oversight 24/7/365. Our solution ensures that embedded links and attachments are valid and secure. In addition, our solution guards against impersonation and phishing attempts.
  • End-Point Protection: We leverage next-generation end-point protection on laptops, Mac, and servers. This next-gen solution is cloud-based and operates 24/7/365 to protect against malware and other threats. Our solution proactively identifies unauthorized systems and applications and provides real-time alerts on the use of privileged credentials. The platform identifies attacks and stops breaches 24/7 with a team of experts that proactively hunt, investigate, and advise on threat activity in our environment.
Employee Awareness & Training
  • Awareness Program: Our cybersecurity team conducts routine awareness communications to all employees throughout the year. Updates on cybersecurity programs and employee best practices are shared via employee communication programs sponsored by our cybersecurity team.
  • Information Security Policy: Our cybersecurity and risk management teams maintain a comprehensive set of cyber and information risk management policies that are communicated, monitored, and audited routinely. We also require employee attestation regarding the information security policy on an annual basis.
  • Learning Program: Our cybersecurity team put together a comprehensive information risk management learning program. This online training program is available to employees 24/7. Employees are required to take key modules each year. Our cybersecurity team spotlights modules throughout the year in company newsletters and shares current insights into the world of cybersecurity, to focus on what each employee can do to protect our company and our customers.
Snap One Products and Solutions
  • Software Scanning/External Reviews: Static code scans are routinely performed, and external source code reviews are conducted on a regular basis to look for and remediate potential vulnerabilities.
  • IP-Based Products:  We regularly conduct cybersecurity-based vulnerability tests of our IP-based products. These are performed by an independent third-party cybersecurity company.

Report Security Vulnerabilities

We take the quality of our products and potential vulnerabilities seriously.
Please report vulnerabilities responsibly.
See our Vulnerability Disclosure Policy

Submit Report

About Us

Visit this page to learn more about ADI | Snap One, including our global footprint, awards, product categories and much more.

Company Headline

Read the latest news releases from ADI | Snap One and our parent company, Resideo.