Podpal, Inc. (“Podpal” also referred to as "our", "us" and "we") considers protection of Customer Content a top priority. As further described in this Podpal Security Policy, Podpal uses commercially reasonable organizational and technical measures designed to prevent unauthorized access, use, alteration or disclosure of Customer Content stored on systems under Podpal’s control. In order to protect our network from evolving threats and disruptions, ensuring effective security controls, Podpal may modify this Security Policy, with notice to Customer, to reflect new features and updated practices, but any such modifications will not materially decrease Podpal’s security obligations during a Subscription Term.
This policy is issued under and forms part of the Terms of Service Agreement which references this policy, and any capitalized terms not defined herein shall have the meanings ascribed to them in the Agreement.
Podpal implements formal procedures to limit its personnel’s access to Customer Content as follows:
1.1 Requires unique user access authorization through secure logins and passwords, including multi-factor authentication for Cloud Hosting administrator access and individually assigned Secure Socket Shell (SSH) keys for external engineer access;
1.2 Limits the Customer Content accessible to Podpal personnel on a “need to know basis”;
1.3 Limits access to Podpal’s production environment by Podpal’s personnel on the basis of business need;
1.4 Prohibits Podpal personnel from storing Customer Content on electronic portable storage devices, such as computer laptops, portable drives and other similar devices;
1.5 Logically separates each of Podpal’s users’ data and maintains measures designed to prevent Customer Content from being exposed to or accessed by other users.
Podpal provides industry standard encryption for Customer Content as follows:
2.1 Implements encryption in transit and at rest;
2.2 Uses strong encryption methodologies to protect Customer Content, including AES 256-bit encryption for Customer Content stored in Podpal’s production environment;
2.3 Encrypts all Customer Content located in cloud storage while at rest; and
2.4 Implements full-disk encryption for hard-drives on all personnel individual workstations.
3.1 Podpal implements properly configured and patched firewalls, network access controls and other technical measures designed to prevent unauthorized access to systems processing Customer Content;
3.2 Podpal maintains effective controls to ensure that security patches for systems and applications used to provide the Service are properly assessed, tested and applied;
3.3 Podpal monitors privileged access to applications that process Customer Content, including cloud services;
3.4 Remote access to Podpal’s environments is controlled with a virtual private network or other device (“VPN”) or private lines, consistent with industry best practices. Two-factor authentication is required for all remote access;
3.5 Podpal operates on Google Could Platform (“GCP”) and is protected by Google’s security and environmental controls. Detailed information about GCP security is available at https://cloud.google.com/security/.
3.6 Customer Content hosted in GCP is AES-256 encrypted both in transit and at rest. GCP does not have access to unencrypted Customer Content. Detailed information about GCP encryption is available at https://cloud.google.com/docs/security/encryption/default-encryption.
3.7 Podpal uses Intercom to store customer information for marketing purposes and is protected by Intercom’s security and environmental controls. Detailed information about Intercom’s security is available at https://www.intercom.com/security.
3.8 All data sent to or from Intercom is encrypted in transit using at least 256 bit encryption. Intercom’s API and application endpoints are TLS/SSL only. Intercom also encrypts data at rest in a comparable manner.
Podpal periodically assesses the security of its systems and the Service as follows:
4.1 Podpal periodically hires accredited third parties to perform audits and to attest to adherence to SOC 2, Type 2 and SOC 3 compliance standards.
4.2 Regular vulnerability scanning.
If Podpal becomes aware of unauthorized access or disclosure of Customer Content under its control (an “Incident”), Podpal will respond in accordance with the Support Policy. In general Podpal will:
5.1 Take reasonable measures to mitigate the harmful effects of the Incident and prevent further unauthorized access or disclosure;
5.2 Upon confirmation of the Incident, notify the Customer or the Customer’s designated security contact.
6.1 Podpal maintains a business continuity and disaster recovery plan in accordance with industry trends and standards; and
6.2 Podpal maintains processes to ensure failover redundancy with its systems, networks and data storage.
7.1 Podpal performs employment verification, including proof of identity validation, check of education records and employment track, and criminal background checks for new hires in positions requiring access to systems and applications storing Customer Content in accordance with applicable Law;
7.2 Podpal provides training for its personnel who are involved in the processing of Customer Content to ensure they understand their obligations to not collect, process or use Customer Content without authorization and to keep Customer Content confidential, including following the termination of any role involving Customer Content;
7.3 Podpal conducts routine and random monitoring of employee systems activity; and
7.4 Upon employee termination, whether voluntary or involuntary, Podpal immediately disables all access to Podpal systems, including Podpal’s physical facilities.
We may update this Security Policy from time to time to reflect our current practice and ensure compliance with applicable laws. When we post changes to this Security Policy, we will revise the “Effective date” at the top of the page. If we make any material changes to the way we use secure customer data, we will take appropriate measures to notify you. We recommend that you check this page from time to time to inform yourself of any changes.
If you have any questions about Podpal security, please contact us at firstname.lastname@example.org or send a letter to our Data Protection Officer.
44 Milton Ave Suite 128
Alpharetta, GA 30009