At IronWall360, we use a variety of protocols and strategies to help ensure the security of the information our clients and partners provide to us. While any organization can be hacked, we work hard to make sure that if that happened here, the chance of thieves getting any useful information is greatly minimized.
Specifically:
- We collect as little information as possible. Unlike our competitors, we do not collect social security or credit card numbers, copies of IDs or badge numbers, nor do we augment the information provided to us with outside information. In general, we collect names, emails, phone numbers, addresses and years of birth (not actual birthdates).
- Each organization we service has a separate discrete portal with its own encryption keys, passwords and security settings, minimizing the chance that a leak from one will affect other portals.
- All information is stored in a database (again, one for each organization) and all personally identifiable information (PII) is encrypted using 256-bit encryption.
- We store information on servers that are owned and managed by us, and not on the cloud, hosted at secure co-locations. The buildings are fire and weather resistant, and housed in portions of the country where earthquakes and hurricanes are not common.
- Our backups are encrypted and secured onsite and offsite; if they are stolen, the information will be useless.
- We run regular scans on our servers for intrusions and issues and rectify any issues we encounter.
- If any individual member or organization cancels our service (we have a 98% renewal rate since 2008), we delete all information on that member or organization within 4 business days, and backups are deleted after two weeks.
In addition, we certify the following:
- The information of our individual members and organizations do not belong to 360Civic/IronWall360. We do not sell, barter, trade or otherwise divulge information to any outside organization, except for the express purpose of searching and removing information. We will contact you (with your permission) on the status of searches and removals, and to offer you additional security services we offer to enhance these protections.
- We will not divulge your information to any organization outside of that mandate, unless compelled by a verified court order.
Security and Peace of Mind
We run our company with the mission that your information belongs to you and companies and organizations should not profit from collecting and selling your PII. We do not riddle our privacy statement with exceptions, nor are we careless with your information.