# Acceptable Use Policy

**Digital Benefits Pte Ltd (WiBiz)**

- **Version:** 1.0
- **Effective Date:** 15 April 2026
- **Owner:** CEO / Operations Lead
- **Review Cycle:** Annual (next review by April 2027)

---

## 1. Purpose

This policy defines acceptable and prohibited use of WiBiz information systems, devices, and data. It exists to protect the company, its clients, and its employees from the consequences of misuse, whether intentional or accidental.

---

## 2. Scope

This policy applies to all individuals who access WiBiz systems, networks, data, or devices. This includes:

- Full-time and part-time employees (Singapore and Philippines)
- Contractors and freelancers
- Interns (including university placement interns)
- Channel partners and their staff who access WiBiz systems
- Any third party granted access to WiBiz platforms or data

"WiBiz systems" includes but is not limited to: the WiBiz platform and its underlying infrastructure, company email accounts, messaging platforms (Slack, Discord), cloud services (Vercel, GitHub, Dropbox, Google Workspace, Notion), CRM and automation tools, company-issued or company-managed devices, and any system accessed using WiBiz credentials.

---

## 3. Acceptable Use of Company Systems

### 3.1 General Principles

- Company systems are provided primarily for business purposes.
- Incidental personal use is permitted provided it does not interfere with work, consume excessive bandwidth, or violate any other provision of this policy.
- All use of company systems must comply with applicable laws in Singapore, the Philippines, and any other jurisdiction where WiBiz operates.

### 3.2 Device Usage

- Company-issued devices must be kept physically secure at all times.
- Devices must be locked when unattended (automatic screen lock within 5 minutes of inactivity).
- Operating system and application updates must be applied within 7 days of release.
- Only software approved by WiBiz may be installed on company devices. If uncertain, ask before installing.
- Company devices must not be shared with family members, friends, or other non-employees.

### 3.3 Internet Usage

- Internet access through company systems or networks may be used for work-related research, communication, and professional development.
- Streaming media, large file downloads, and bandwidth-intensive personal use should be avoided during work hours.
- Accessing, downloading, or distributing illegal, offensive, or sexually explicit material is strictly prohibited.

### 3.4 Email Usage

- Company email accounts must be used for all work-related correspondence.
- Do not use personal email accounts to send, receive, or store work-related data or client information.
- Exercise caution with email attachments and links. Do not open attachments from unknown senders or click on suspicious links.
- Do not auto-forward company email to personal accounts.

---

## 4. Social Media

- Employees may use personal social media accounts during non-work hours or during breaks.
- The following are prohibited on any social media platform, whether personal or professional:
  - Disclosing client names, data, conversations, or business details without explicit written client consent.
  - Disclosing the identity of WiBiz's underlying platform infrastructure or technology partners.
  - Sharing proprietary WiBiz systems, workflows, pricing structures, or internal processes.
  - Posting screenshots of internal tools, dashboards, client accounts, or communications.
  - Making statements that could reasonably be interpreted as official WiBiz positions unless authorized.
- When in doubt, do not post. Consult the Operations Lead before publishing anything that references WiBiz, its clients, or its technology.

---

## 5. Password and Authentication Requirements

- All passwords must meet minimum complexity requirements as defined in the Access Control Policy.
- Multi-factor authentication (MFA) must be enabled on all systems that support it. This includes but is not limited to: email, GitHub, Vercel, cloud storage, CRM, and communication platforms.
- Passwords must not be shared with anyone, including managers and IT support.
- Passwords must not be stored in plaintext (no sticky notes, no unencrypted text files, no browser-saved passwords without a master password manager).
- Use a password manager approved by WiBiz for credential storage.
- If you suspect a password has been compromised, change it immediately and report the incident to the Operations Lead.

For full authentication standards, refer to the **Access Control Policy**.

---

## 6. Prohibited Activities

The following activities are strictly prohibited. This list is not exhaustive; any activity that compromises the security, integrity, or reputation of WiBiz or its clients is prohibited.

- **Unauthorized access:** Accessing systems, accounts, data, or networks that you are not authorized to access, regardless of whether access controls are in place.
- **Data exfiltration:** Copying, transferring, or transmitting WiBiz or client data to personal accounts, personal devices, unauthorized cloud services, or any external party without explicit authorization.
- **Credential sharing:** Sharing your login credentials with anyone, or using another person's credentials.
- **Unapproved software:** Installing, downloading, or running software that has not been approved by WiBiz on company systems.
- **Circumventing security controls:** Disabling, bypassing, or interfering with firewalls, antivirus, encryption, access controls, monitoring tools, or any other security measure.
- **Unauthorized external services:** Using personal cloud storage (personal Google Drive, personal Dropbox, iCloud) to store or process work data or client data.
- **Malicious activity:** Introducing malware, viruses, or malicious code into any system. Conducting port scanning, network sniffing, or vulnerability testing without explicit written authorization.
- **Misrepresentation:** Impersonating another user, system, or entity.
- **Intellectual property violation:** Using company systems to infringe copyrights, trademarks, patents, or other intellectual property rights.

---

## 7. BYOD (Bring Your Own Device) Requirements

If you use a personal device (laptop, phone, tablet) to access any WiBiz system, the following requirements apply:

- **Encryption:** Full-disk encryption must be enabled (FileVault on macOS, BitLocker on Windows, native encryption on iOS/Android).
- **Screen lock:** Automatic screen lock must be enabled with a maximum idle time of 5 minutes. A PIN, password, or biometric unlock is required.
- **Operating system:** Must be a currently supported version with security updates applied within 14 days of release.
- **Antivirus/anti-malware:** Must be installed and kept current on Windows and Android devices.
- **Remote wipe consent:** By accessing WiBiz systems from a personal device, you consent to remote wipe of company data on that device if the device is lost, stolen, or if your employment or engagement with WiBiz ends. WiBiz will make reasonable efforts to wipe only company data, but cannot guarantee personal data will be unaffected.
- **No jailbroken or rooted devices:** Devices with modified operating systems may not be used to access WiBiz systems.
- **Reporting:** Lost or stolen devices that have accessed WiBiz systems must be reported to the Operations Lead within 24 hours.

---

## 8. Client Data Handling

- Client data must never be stored on personal devices or personal cloud accounts.
- Client data must only be accessed through authorized WiBiz systems and tools.
- Client data must not be copied into emails, chat messages, or documents unless there is a legitimate business need, and even then only through approved channels.
- Client conversation data, CRM records, contact information, and payment data are confidential and must be treated accordingly.
- Do not discuss client-specific data in public spaces, on social media, or with individuals who do not have a business need to know.
- When sharing client data internally (for troubleshooting, reporting, or delivery), use the minimum amount of data necessary.
- Refer to the **Data Retention and Disposal Policy** for rules on how long client data is retained and how it must be deleted.

---

## 9. Monitoring Disclosure

WiBiz reserves the right to monitor, log, and audit the use of all company systems, networks, devices, and accounts. This includes but is not limited to:

- Email content and metadata
- Internet browsing activity on company networks
- File access and transfer activity
- Login and authentication records
- Application usage
- Communication on company messaging platforms

Monitoring is conducted for the purposes of security, compliance, performance management, and protecting company and client assets. By using WiBiz systems, all individuals covered by this policy acknowledge and consent to this monitoring.

Monitoring will be conducted in compliance with applicable privacy laws in Singapore (PDPA) and the Philippines (Data Privacy Act of 2012).

---

## 10. Violations and Consequences

Violations of this policy may result in disciplinary action, up to and including:

- Verbal or written warning
- Suspension of system access
- Termination of employment or contract
- Legal action, including civil claims and criminal referral where applicable

The severity of the consequence will be proportionate to the nature of the violation. Repeated minor violations will be treated with escalating severity.

All suspected violations must be reported to the Operations Lead. Reports may be made confidentially. WiBiz prohibits retaliation against anyone who reports a policy violation in good faith.

---

## 11. Policy Acknowledgement

All individuals covered by this policy must acknowledge that they have read, understood, and agree to comply with this policy. Acknowledgement will be recorded during onboarding and at each annual policy review.

---

## Document Control

| Field | Value |
|---|---|
| Document ID | WBZ-POL-AUP-001 |
| Version | 1.0 |
| Classification | Internal |
| Author | Operations |
| Approved by | CEO |
| Effective date | 15 April 2026 |
| Next review | April 2027 |
