Software and Device Usage Policy
1. Introduction and Scope
This policy governs the use of work tools and devices provided by MarsBased SL (hereinafter referred to as MB). It applies to the entire team, regardless of their geographic location or contractual relationship. The objective is to balance the security of company and client information with each collaborator's right to privacy, in accordance with the EU GDPR, local labor laws, and ISO 27001 security standards.
2. Identity and Access Management
Google IDP: Access to all corporate tools must be managed through the Google Identity Provider (IDP) using the corporate account, where supported.
GitHub Accounts: It is mandatory to use a separate, exclusive GitHub account for MB-related activity, following the convention mb-name-lastname. Linking corporate repositories to personal accounts is not permitted.
Credential Management: The use of 1Password is mandatory for managing corporate passwords. Collaborators must use their individual "Employee" vault for personal work credentials, ensuring that shared "Team Vaults" contain only project-wide information.
3. Device Usage, Licenses, and Returns
Company Hardware: Laptops and mobile devices are the property of MB and are provided for exclusive professional use.
Software Licenses: Provided licenses are for work purposes only. Use for side-projects or personal activities is prohibited.
Information Transfer: Forwarding confidential information, source code, or client data to personal accounts or unauthorized third parties is strictly prohibited.
Remote Security: MB reserves the right to perform a remote wipe in case of theft, loss, or contract termination for security reasons.
Hardware Return: Upon termination, equipment must be returned within 72 hours via MB's logistics service.
4. Privacy Commitment and Communications
Non-Interference: MB will not access private data on Slack, 1Password, or Gmail, despite having the technical capability to do so.
Collaborator's Privacy: To protect their own privacy and in accordance with the Confidentiality Agreement, collaborators must not upload personal photos or videos to company systems.
Recordings: Virtual meetings may be recorded solely for operational, training, and coordination purposes, with data confidentiality ensured.
Private Channels: Use personal tools for private life. Do not enter sensitive personal data into AI tools such as Gemini or Cursor.
5. Intellectual Property and Confidentiality
Ownership: All intellectual property rights generated during the performance of duties using MB resources belong exclusively to MB.
Confidentiality: Collaborators must handle company information with due care and maintain strict confidentiality, an obligation that continues after the professional relationship ends.
6. Access Exceptions and Procedure
Access to information or equipment by MB shall be strictly exceptional, justified, and proportional, limited to the following scenarios:
Legal and Judicial Requirements: Court orders, subpoenas, or law enforcement requests.
Asset Protection: Well-founded suspicion of client data leaks, intellectual property theft, or activities compromising ISO 27001 certification.
Conduct and Misuse Investigations: Evidence of harassment, discrimination, criminal activity, or misuse of company assets, devices, or intellectual property.
Business Continuity: Recovery of critical operational information in cases of prolonged absence or termination.
Audits: Technical access required for security audits or regulatory compliance.
7. Jurisdiction and Review
This policy shall be interpreted in accordance with local labor laws. This document may be reviewed and updated annually or as needed.
