IT Platform & Security
Our technology is built on a top of the line infrastructure. The servers are co-located at a Tier 1 data center facility in the United States operated by Savvis and is SAS-70 Type II certified. Savvis is recognized by Gartner as a Magic Quadrant leader. Data center security measures include:
- On premise security guards
- Exterior-building cameras, false entrances, vehicle blockades, parking lot design, bulletproof glass/walls, unmarked buildings
- Biometric systems which include palm scanners
- Security cameras with digital recorders, Pan-Tilt-Zoom (PTZ) capabilities
- Portals and man traps, only a single person authenticated at one time
- Caged and locked space with access authorized to limited staff
Network and Systems Layer
Our network is protected by top-of-the line firewalls from industry-leading vendors. These firewalls remain up-to-date with upgrades and patches provided by vendors and they are configured to allow only the absolute minimum level of access to internet users.
Various security measures are employed and enforced inside of the perimeter firewalls and on internal systems. The exact nature of these measures is kept confidential.
All operating systems are kept current with all the patches recommended by their vendors. All unnecessary users, protocols, and ports are disabled and monitored.
Our databases can only be accessed through trusted authentication and are kept inside layers of protection.
Human Layer
All data maintained in your account is owned by you. Our employees do not have direct access to the production equipment, except where necessary for system management, maintenance, monitoring, and backups. We do not outsource data management to service providers. Only select qualified permanent employees are allowed access to database servers, and only when their access is absolutely necessary.
Application Layer
The platform offers extensive features to help you protect and secure your account, data and applications:
Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others and change them often. We do not store sensitive user data in cookies or utilize other high-risk user or session tracking methods.
Data Encryption - When you log into your account, your session is secured with 100% data encryption. Many of this site’s pages are secured with industry-standard SSL security .
PCI Compliance
The technology platform we use has been deemed PCI compliant by the Payment Card Industry Security Standards Council. This means that we have implemented the highest security standards when it comes to transactions involving a credit or debit card.
We meet all six categories of PCI standards.
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor Networks
- Regularly Test Networks
- Maintain an Information Security Policy
TRUSTe EU Safe Harbor Certified
We respect your privacy and the privacy of the information in your account and treat both with utmost care and consideration. The service is a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.
TRUSTe is an independent organization devoted to build users’ trust in the internet by promoting the use of fair information practices.
