SHARE LOCAL MEDIA INC. SECURITY POLICY
Last Modified June 3rd, 2019
We recognize that your data is sensitive. This document explains the technology that we use to keep data secure when you use our Shared/Solo mail services and our technology platform.
USER ACCOUNT SECURITY
- All user passwords are stored in a salted encrypted format.
- We require all users use multi-factor authentication (MFA) on their accounts.
- We enforce minimum password complexity requirements.
- We log user activity and perform analysis for suspicious behavior.
- We use industry-standard Transport Security Layer (TLS) encryption on all HTTPS connections to our origin server(s), preventing man-in-the-middle attacks, packet sniffing, and more.
- We use full-disk-encryption on all of our servers. In addition, sensitive data files are encrypted-at-rest.
- We use Amazon Web Services as infrastructure provider for our server instances and databases.
- Amazon Web Services has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II audits.
SERVER SOFTWARE, UPDATES AND PATCHES
- We monitor security announcements for our technology platforms and their dependencies; we install critical security updates as soon as possible after they are released.
- We install non-critical and non-security related software updates on a rolling business.
Updates to our databases are managed by Amazon, and they install critical security updates as quickly as possible.
- We continually improve the security of Share Local Media’s systems by utilizing automated vulnerability scanning tools.
- Our servers are Amazon EC2 instances.
- Our servers are kept behind a firewall (configured to deny by default) and only the ports necessary for operation are exposed to the public internet.
- Files are hosted using Amazon’s S3 service. Amazon S3 provides highly durable storage infrastructure designed for mission-critical data storage.
- Only Share Local Media Inc. employees and contractors with a legitimate business need have the ability to log into our production servers and databases directly.
- Only Share Local Media Inc. employees and contractors with a legitimate business need have access to customer accounts and data.
- Access is removed immediately if an employee or contractor leaves the company or no longer has a legitimate business need for access.
- We have a data security and retention policy which governs how we handle customer data, ensuring that it is held no longer than necessary to fulfill contracted obligations and comply with any applicable regulations or contracts; and setting forth guidelines for secure deletion.
CREDIT CARD INFORMATION
- All credit card information is stored in a highly-secure, PCI-compliant manner by our payment vendor, Braintree Payment Systems.
- Our billing processes are also PCI-compliant.
Questions regarding this document should be sent by email to us at firstname.lastname@example.org.