PeopleVine has implemented and will maintain appropriate technical and organizational measures to protect Customer Account Data, Customer Usage Data, and Customer Content from (a) accidental or unlawful destruction and (b) loss, alteration, unauthorized disclosure of, or access to such data (a “Security Incident”). Measures to protect Customer Content from a Security Incident are described in this article:
PeopleVine is dedicated to the security and compliance of our platform in order to protect your business when using our tools. Here are many of the things we perform to achieve the highest level of security in our platform:
- We perform weekly vulnerability scans to identify any potential threats to our platform and our users data through Trustwave. This scanning is performed weekly on our new development code along with tests monthly on our production code.
- We perform monthly PCI Certification through Trustwave across our API, Control Panel and Portal. This meets the industry standard for credit card processing. (please note your site running in our portal may not be compliant, individual PCI compliance scanning on your website is highly recommended).
- We perform quarterly Penetration Tests through Evolve Security to identify any potential risks within our application and architecture. Most companies do this annually, we do it quarterly to ensure your data is always safe in PeopleVine.
- As well, we lock down access from the outside world (by IP Address) to many of our core internal components in order to ensure the public can't get to it.
We also provide the tools necessary so you can achieve the following compliances:
- GDPR Compliance which is designed to provide general data protection for your consumers with full transparency on how their data is used and the self-service tools necessary to remain compliant.
- HIPAA Ready which allows our clients in the healthcare space to ensure data related to healthcare activity is properly managed. This also provides our platform with best practices on keeping sensitive data secured.
Our multi-tenant platform is hosted in Microsoft's Azure within their data centers. Please see their data center policy on physical security.
In addition to the general security preventing external access, our platform ensures the following:
- We encrypt all passwords, credit cards and other secured data in addition to database level encryption enabled.
- We ensure that any access to the database or API are properly authenticated with 5 auth data fields in our API and our RESTful API utilizes expiring tokens and keys to prevent abuse.
- Clients have the ability to manage their users, control their access and block future attempts with a few clicks.
- The PeopleVine database is backed up continuously for a point in time recovery that can be rolled back up to 35 days.
- Data storage is indefinite as long as the customer is an active paying customer. Inactive customers will have their data purged after 90 days of cancelling their subscription.
Enterprise licensed customers can control their own backup and data storage policies.