SECURITY
Here are our practices.
We employ rigorous security measures at organizational, architectural, and operational levels to protect our applications, our infrastructure, and the data of our customers and website visitors. At Limohunter.com, we actively promote security awareness, provide training on data protection, and implement best practices, so that security principles and data privacy are top of mind for our employees. LIMOHUNTER considers information security principles when designing our platform, managing our networks, and conducting our daily business operations.

Governance
LIMOHUNTER has implemented formal data privacy, information security, and acceptable use policies that govern employee activities. We train our employees on these policies during onboarding and regularly thereafter. In addition, we rely on our Information Security and IT teams to enforce policies through the implementation of technical controls.

Risk Management
LIMOHUNTER performs regular information security risk assessments covering our facilities, systems, and information assets. We share risk assessment results and risk mitigation suggestions with senior management, as appropriate. Our risk assessment results specify proposed changes to systems, processes, policies, and tools to reduce security vulnerabilities and threats to CarGurus, its customers, and its website visitors. We mitigate risks through the implementation of policies, procedures, and controls.

Vendor Security Management
LIMOHUNTER conducts and records vendor security assessments for its service providers. Vendors are approved or rejected based on their relative security posture and the risk they would introduce for LIMOHUNTER

Security Operations
LIMOHUNTER employs state-of-the-art endpoint security protections, intrusion detection systems, and advanced email protections to monitor our systems and prevent potential security incidents. LIMOHUNTER uses a next-generation anti-malware solution to address malicious software and other threats. Anti-malware agents are centrally managed and are configured to install updates on a regular basis. These agents alert operations analysts when malware is detected so they can take action.
LIMOHUNTER uses a vulnerability management program to identify and remediate vulnerabilities across our networks, reducing exposure, and minimize our attack surface. We also conduct 24/7 monitoring of our critical systems.

Access Control
LIMOHUNTER uses identity and access management controls to provide access to our systems through user accounts with appropriate privileges. LIMOHUNTER provisions all critical network and application access using the principle of least privilege. We limit key administrative access to authorized personnel. Provisioning and deprovisioning procedures exist to document the relevant access levels and approvals granted to critical systems and data. We conduct periodic access reviews for critical systems and applications, using a risk-based approach.
LIMOHUNTER uses an identity management single sign-on platform provider for our critical business applications. We assign users unique IDs and enforce password requirements that align, at a minimum, to NIST standards. Our identity management platform enforces LIMOHUNTER password policy and requires multifactor authentication.

Physical Security
The LIMOHUNTER platform is hosted in the cloud and in state-of-the-art data centers. The co-located data centers provide physical and environmental security controls (including biometric identification, supervised entry, 24/7/365 on-premise security teams, and CCTV systems). Access to data centers is restricted to authorized individuals. Our data center facilities maintain SOC 2 reports, which describe and test the internal controls of the service organization.

Data Privacy and Protection
LIMOHUNTER takes the protection of personal data seriously. Databases are gated by role-based access controls, and multi-factor authentication is enforced on login LIMOHUNTER employs recognized encryption protocols for
LIMOHUNTER recognizes and adheres to data privacy laws and regulations, including the EU’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and the PCI Data Security Standard. The GDPR and CCPA impose obligations regarding the collecting, processing, and transmission of personal data.

Availability
LIMOHUNTER maintains documented backup procedures. LIMOHUNTER regularly performs full backups of all production databases. Data backups are replicated to an offsite location on a regular schedule.