General Security and Compliance

We work hard to meet the latest in security across all of our platform components. Here's how.

Updated this week

Peoplevine has implemented and will maintain appropriate technical and organizational measures to protect Customer Account Data, Customer Usage Data, and Customer Content from (a) accidental or unlawful destruction and (b) loss, alteration, unauthorized disclosure of, or access to such data (a “Security Incident”). Measures to protect Customer Content from a Security Incident are described in this article:

Peoplevine is dedicated to the security and compliance of our platform in order to protect your business when using our tools. Here are many of the things we do to achieve the highest level of security in our platform:

  • We perform weekly vulnerability scans through Trustwave to identify any potential threats to our platform and our users' data. This scanning is performed weekly on our new development code, along with monthly tests on our production code.

  • We perform monthly PCI Certification through Trustwave across our API, Control Panel and Portal. This meets the industry standard for credit card processing. (Please note that your site running in our portal may not be compliant; individual PCI compliance scanning on your website is highly recommended.)

  • We perform quarterly Penetration Tests through Evolve Security to identify any potential risks within our application and architecture. Most companies do this annually; we do it quarterly to ensure your data is always safe in PeopleVine.

  • We also lock down access from the outside world (by IP Address) to many of our core internal components in order to ensure the public can't get to them.

We also provide the tools necessary so you can achieve the following compliances:

  • GDPR Compliance, which is designed to provide general data protection for your consumers with full transparency on how their data is used and the self-service tools necessary to remain compliant.

  • HIPAA Ready, which allows our clients in the healthcare space to ensure data related to healthcare activity is properly managed. This also provides our platform with best practices on keeping sensitive data secured.

Our multi-tenant platform is hosted in Microsoft's Azure within their data centers. Please see their data center policy on physical security.

In addition to the general security preventing external access, our platform ensures the following:

  • We encrypt all passwords, credit cards and other secured data, in addition to having database-level encryption enabled.

  • We ensure that any access to the database or API is properly authenticated, with 5 auth data fields in our API, and our RESTful API utilizes expiring tokens and keys to prevent abuse.

  • Clients have the ability to manage their users, control their access and block future attempts with a few clicks.

  • The PeopleVine database is backed up continuously for point-in-time recovery that can be rolled back up to 35 days.

  • Data storage is indefinite as long as the customer is an active paying customer. Inactive customers will have their data purged after 90 days of cancelling their subscription.

Enterprise licensed customers can control their own backup and data storage policies.

Peoplevine's shared (SaaS) environment is hosted in Microsoft Azure using a combination of Web Apps, Azure VM, Storage and other components of the Azure platform. With the reliability of Microsoft and the scalability of the cloud, we can dynamically handle volume as needed to ensure a quick and engaging experience for your consumers. Microsoft has published a document highlighting the overall security settings in place for data stored and transmitted via Azure here.

Redundancy and Backups Built In

PeopleVine has built-in redundancy, spreading its database and web server across both the west coast and east coast of the USA to ensure complete availability in the event of an outage in a specific region. We also ensure that all content, files and data are backed up on a daily basis in the event a data retrieval is needed.

CDN, Bandwidth and Usage

All media (files, graphics, etc.) that are uploaded into the PeopleVine platform are automatically added to our Content Delivery Network (CDN) in order to ensure the quickest retrieval time available. There are no limitations on bandwidth and usage of the PeopleVine platform provided you are actively enrolled in a PeopleVine plan. Although we do currently cap file sizes to 10MB, we do plan on increasing this in the near future.

Support from Azure

PeopleVine maintains an active support plan with Azure support to ensure we get quick responses and fixes in the event there's a system outage or glitch that needs to be resolved.

To learn more about Azure visit www.azure.com.


On top of the security levels provided by our vendor(s), PeopleVine also employs several security mechanisms to guarantee the safety of your data and user experience:

  • PeopleVine maintains PCI DSS compliance on a monthly basis through Trustwave, a leader in trusted commerce. This applies to our API, control panel and portal screens.

  • As requested by clients, PeopleVine has the ability to meet HIPAA requirements as we currently leverage a proprietary algorithm for encrypting personal data.

  • All client data is separated by several key elements.

  • Each request sent to our platform runs through several levels of authentications to ensure proper access of the data based on the user's permissions and access.

  • Security is handled both in our customer facing tools, such as the control panel and portal, as well as the API to ensure multiple levels of security.

  • Credit card data is highly encrypted in our platform via a proprietary algorithm, and since we maintain PCI DSS compliance, we do not store CVV.

  • API applications built on the PeopleVine platform can only access other company accounts if the user has authenticated through PeopleVine directly, so your username and password are never shared with the 3rd party app.

  • All content built in the PeopleVine platform is only visible via a registered domain name, so you cannot access another company's information without having the direct URL or access.

  • All media files uploaded throughout the PeopleVine platform (unless otherwise checked to keep the same name) are encrypted with a unique identifier, folder and extension in order to prevent file/folder browsing.

  • All transaction data includes the IP Address, Session ID and Device Info of the person who submitted the transaction for traceability purposes.

We take security seriously within the PeopleVine environment and work with leading vendors to ensure data is encrypted and secured at the highest level.

If you have any questions or feedback, please visit peoplevine.com/feedback to let us know. Learn more about our security and compliance.
