Security Incident Response Policy
Last Updated: November 2025
LenoChat is committed to maintaining the confidentiality, integrity, and availability of our systems and user data. This Security Incident Response Policy describes how we identify, manage, and communicate any security incidents that may impact our merchants, users, or platform infrastructure.
1. Purpose
The purpose of this policy is to ensure that any actual or suspected security incidents are handled quickly, effectively, and consistently, minimizing potential impact to users and ensuring compliance with applicable regulations.
2. Scope
This policy applies to all systems, applications, employees, contractors, and third-party services used to operate LenoChat — including integrations with Shopify, WordPress, and other supported platforms.
3. Definition of a Security Incident
A security incident refers to any event that threatens the confidentiality, integrity, or availability of LenoChat data or systems. Examples include (but are not limited to):
• Unauthorized access to systems or data
• Data loss, corruption, or exfiltration
• Malware, ransomware, or other malicious activity
• Denial-of-service attacks or unexpected service outages
• Misuse of access credentials or permissions
• Breaches involving third-party vendors or integrations
4. Roles and Responsibilities
• Incident Response Lead: Oversees incident handling, investigation, and coordination.
• Engineering Team: Identifies, isolates, and resolves the technical cause of the incident.
• Compliance & Communications: Coordinates merchant and regulatory notifications as needed.
• All Employees: Must immediately report any suspicious or abnormal system behavior to the response team.
5. Incident Response Process
5.1 Detection and Identification
Incidents may be detected through automated monitoring, internal audits, third-party alerts, or user reports. Once identified, the Incident Response Lead evaluates severity and potential impact.
5.2 Containment
Immediate actions are taken to isolate affected systems or services to prevent further spread or damage. Temporary fixes may be applied while root-cause analysis is underway.
5.3 Eradication and Recovery
Root causes are addressed by patching vulnerabilities, revoking compromised credentials, or restoring from verified backups. Services are returned to normal operation after validation testing.
5.4 Notification and Communication
If an incident involves merchant or user data, LenoChat will notify affected parties within 24–72 hours of confirmation, depending on the severity and regulatory requirements (such as GDPR).
Notifications will include:
• Nature and scope of the incident
• Data potentially affected
• Actions taken and next steps for users
Merchants will be contacted directly via the registered account email or verified support channels.
5.5 Post-Incident Review
After resolution, a review will be conducted to assess the effectiveness of the response, identify lessons learned, and update internal policies or procedures accordingly.
6. Logging and Documentation
All incidents are documented in LenoChat’s internal incident log, including the timeline, impact assessment, actions taken, and recovery outcome. These records are retained for auditing and compliance purposes.
7. Training and Testing
Incident response procedures are reviewed at least once per year, or after any major incident. Relevant staff receive periodic training to ensure readiness and awareness of response procedures.
8. Contact Information
If you believe a security or privacy incident has occurred, or if you have concerns about data security, please contact us immediately:
• Contact: LenoChat Support
• Website: www.lenochat.com
9. Policy Review and Updates
This policy is reviewed annually or after any significant system change, incident, or regulatory update.