Security Overview
Keeping customer data safe and secure is a huge responsibility and a top priority for CompanyOn. We work hard to protect our customers from the latest threats. We store all our own sensitive information on the same servers our customers do. We don’t want our information compromised, so we’re motivated by self-preservation as well. Aligning our goals with your goals is the best way to see eye-to-eye on the need to keep everything as secure as we can.
We protect your data
All data is backed up constantly. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.
Your data are sent using HTTPS
Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.
Any files which you upload to us are stored and are encrypted at rest. The information you add to the service is active in our databases and subject to the same protection and monitoring as the rest of our systems.
Full redundancy for all major systems
Our servers from power supplies to the internet connection, operate at full redundancy.
Security Breach
CompanyOn takes the protection of Personal Information and Protected Health Information (“PHI”) seriously. In the event that CompanyOn determines that the security, integrity, or confidentiality of the Service has been compromised and such incident has resulted in unauthorized access to, or disclosure of, Customer Data or PHI, CompanyOn shall notify the affected Customer(s) without undue delay upon confirmation of the breach.
The notification will include:
• a description of the nature of the breach, including the categories and approximate number of affected records;
• the likely consequences of the breach; and
• the measures taken or proposed to address and mitigate its possible adverse effects.
CompanyOn will take immediate corrective action to contain and remediate the incident, document all findings, and reasonably cooperate with the affected Customer(s) to support their own notification, mitigation, and reporting obligations under applicable privacy or health information laws.
CompanyOn will retain documentation of the breach and all related remediation measures for audit and compliance purposes for a minimum of twelve (12) months following resolution or longer where required by law.
Regularly-updated infrastructure
Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we implement the latest security methods to keep up with the state-of-the-art in cloud-based security.
Changes & questions
CompanyOn may update this policy once in a while—we’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time through the Service or by contacting us.
Questions about this policy? Get in touch and we’ll be happy to answer them!
This content is licensed under a Creative Commons Attribution 4.0 International License. By basecamp.