At HOVER, we are on a mission to organize the world’s physical structure and we are a trusted provider for homeowners, our customers, and within our partner ecosystem. To do this, we commit to communicate transparently, provide security, and protect the privacy of the data within HOVER’s systems.
You’re in control of the personal data you provide, either directly or through a 3rd party. By using HOVER, you give us permission to do certain things with your data so we can run our service. Some of these operations may require us to send your data to our business partners — such as a cloud storage provider — that we’ve contracted with to provide parts of the HOVER Service. Before we do this, we’ll always make sure that our contracts with such partners protect your data rights.
Whether you come to HOVER on your own or through a 3rd party, we’ll respect your choice of who has access to your personal data. You can provide or revoke access to any 3rd party, through your HOVER settings.
Security and Privacy
We train our employees on our security and privacy policies. Our policies govern acceptable and prohibited use of our networks and services. More importantly, they describe how we protect your personal data. You can review how we protect your privacy here.
Some of our most important policies include:
Describes both acceptable and prohibited use of our networks, the Internet (including social media), laptops, and other devices. It also describes password and multi-factor authentication requirements.
We practice the security principle of least privilege. We allow access to information and resources to only those who need it to perform their role. We keep records of all access requests and audit our accounts regularly.
Describes how we classify information at HOVER. These classifications govern the treatment of information assets, as we protect your data, as well as our intellectual property.
Here’s more information about our privacy and security practices. If you don’t find what you are looking for, please check our help center or contact us [email protected].
We monitor security activity on our pre-production and production systems. Incidents are managed using our Security Incident Management process. This process defines the assessment, containment, recovery, and remediation of issue resolution. All communication (internal and external) is managed by the Critical Response Team. HOVER users, Customers, Partners or other outside parties should report security issues or unethical behavior to [email protected].
If you dwell within a property, you are the account administrator of the corresponding HOVER data. You have control over who has access to your account.
If you are part of a business organization with multiple users, each creating HOVER models on behalf of your customer residents, you will have an assigned HOVER account administrator. The account administrator has control over which individuals have access to the account. New users invited by the account administrator will follow an account sign-up process that includes setting up a password.
We protect all data in transit and at rest using standard Transport Layer Security (TLS 1.2 or higher) and the Advanced Encryption Standard (AES-128) protocols. We maintain redundant backups with live-updated standby database systems to maximize system availability.
We use agile software development methodologies to constantly enhance your experience with HOVER. Our software engineering teams practice continuous delivery to provide quality software to our customers, potentially with multiple releases per day. Our dedicated Quality Assurance (QA) team ensures the effectiveness of our automated test suites, and supplements automation with manual QA when needed.
We use secure cloud infrastructure to deliver our service to you. Our intrusion detection, continuous penetration tests, and vulnerability management systems make sure you can use our services safely.
We do not delete your personal information unless you tell us to, and in some cases we must retain data to verify requests. We know that the HOVER data is a resource to you, the resident or future resident of your property. If you wish to have us remove your personal data from our systems and disable your accounts, you may send such a request to [email protected].
We also maintain confidential system and security related logs for a minimum of three years. These logs help us monitor system performance and serve as a forensic record in the unlikely event of a security incident.
We conduct comprehensive security assessments and annual review on the critical vendors that help us deliver our service. We review service agreements and closely inspect conditions that may lead to misuse of critically important information. We hold our vendors accountable just as we are accountable to you.
HOVER is SOC2 Type I compliant. HOVER’s current SOC2 report is available to customers and prospects under Non Disclosure Agreement (NDA). Coordinate with your HOVER account representative to request a copy of our SOC2 report.