Our Policies
Security Policy
Introduction
As a company that takes data security and privacy very seriously, we recognize that FunnelGuard Inc.’s information security practices are important to you. While we don’t like to expose too much detail around our practices (as it can empower the very people we are protecting ourselves against), we have provided the appropriate level of information to give you confidence in how we secure the data entrusted to us.
FunnelGuard Inc. has implemented, and agrees to maintain, information security policies consistent with industry guidelines that include administrative, physical and technical safeguards that are reasonably appropriate to protect the privacy, confidentiality, integrity and availability of your personal data and other Personally Identifiable Information (PII) processed by FunnelGuard Inc. and to protect such information against accidental, unlawful or unauthorized access, copying, damage, destruction, disclosure, distribution, loss, manipulation, modification, processing, use, reuse, or transmission, taking into account the relative sensitivity and volume of the information processed by FunnelGuard Inc.
Administrative Safeguards
FunnelGuard Inc. has implemented, and agrees to maintain, administrative safeguards that are reasonably appropriate, taking into account the relative sensitivity and volume of the personal data and other Personally Identifiable Information (PII) processed by FunnelGuard Inc., and that include, but are not limited to:
i. Security awareness among those employees of FunnelGuard Inc. with access to personal data and other Personally Identifiable Information (PII) to ensure understanding of responsibilities in guarding against security events and unauthorized use or access to personal data or PII;
ii. Continuous training of employees on best security practices, including how to identify social engineering, phishing scams, and hackers;
iii. Ensuring employees on teams that have access to personal data or PII (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment;
iv. Ensuring all employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data;
v. Due diligence processes for any subcontractors processing personal data or PII to ensure compliance with this policy;
vi. Logging procedures to proactively monitor user and system activity;
vii. Access termination procedures to ensure timely revocation of access;
viii. Periodic user entitlement review processes to ensure appropriate access;
ix. Software development and change management processes;
x. Security incident management policies and procedures to ensure appropriate detection, investigation, notification, evidence preservation and remediation;
xi. Comprehensive insurance cover in order to protect our company from a variety of different losses. Coverage includes, but is not exclusive to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.
Physical Safeguards
FunnelGuard Inc. has implemented, and agrees to maintain, physical safeguards that are reasonably appropriate, taking into account the relative sensitivity and volume of the personal data and other Personally Identifiable Information (PII) processed by FunnelGuard Inc., and that include, but are not limited to:
i. Access controls at facilities processing personal data or PII to ensure continuous monitoring and that only authorized individuals are granted access. Our offices are secured by keycard access and they are monitored with cameras throughout;
ii. Secured transport and disposal of physical media and paper waste containing personal data and PII;
iii. Controls to protect against environmental hazards (e.g., water or fire damage);
iv. Our office network is heavily segmented and centrally monitored; and
v. We have a dedicated internal security team that constantly monitors our environment for vulnerabilities.
Technical Safeguards
FunnelGuard Inc. has implemented, and agrees to maintain, technical safeguards that are reasonably appropriate, taking into account the relative sensitivity and volume of the personal data and other Personally Identifiable Information (PII) processed by FunnelGuard Inc., and that include, but are not limited to:
Protection from Unauthorized Access, Data Loss and Corruption
· Logical separation of personal data and PII on information systems. All databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user accounts from each other;
· Account data is mirrored and regularly backed up off site;
· Access controls to maintain appropriate segregation of duties and ensure authorized role-based access to information resources on a need-to-know and least privilege basis;
· Complex passwords, changed on a regular basis, and stored and transmitted in a secure manner. FunnelGuard Inc. account passwords are redirected to an authentication provider that delivers a consistent login experience, centralized feature and security management with minimal application-level impact. Our own staff can't even view your passwords. If you lose your password, it can't be retrieved – it must be reset;
· Device and software management controls to guard against viruses and other malicious or unauthorized software;
· Information system and software patching consistent with manufacturer recommendations;
· Intrusion detection and prevention systems to guard against unauthorized information system access;
· Data loss and leakage prevention to guard against accidental or unauthorized disclosure;
· Encryption of personal data and PII stored on all electronic devices and, where reasonable, information systems. All login pages (from our website) pass data via Transport Layer Security* (or TLS). In addition, the entire FunnelGuard Inc. application is encrypted with TLS;
· Audit logging that records user and system activities;
· Login pages and logins via the FunnelGuard Inc. API have brute force protection; and
· We perform regular external security penetration tests throughout the year using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
*Transport Layer Security (or TLS) is a cryptographic protocol that provides secure (encrypted) communication for data exchanged over the Internet between two organizations.
Data Center Security
· FunnelGuard Inc. is built on the AWS cloud and DigitalOcean, and we maintain our data in United States data centers.
· We have flexibility through AWS to store data in other regions should our client have a specific request. Our data centers manage physical security 24/7 with biometric scanners.
· We have DDoS mitigation in place at all of our data centers.
Payment System Security
· FunnelGuard Inc.'s credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they use the best-in-class security tools and practices to maintain a high level of security.
Protecting Ourselves Against Our Users
Yes, you heard that correctly. At FunnelGuard Inc., we can secure ourselves like Fort Knox, but if our users’ devices get compromised and someone gets into their FunnelGuard Inc. account, that's not good for either FunnelGuard Inc. or our users. Some of the activities we undertake to protect ourselves from our users include:
· We monitor and automatically suspend accounts for signs of irregular or suspicious login activity.
· Certain changes to accounts, such as to your password, will trigger email notifications to the account owner.
· We monitor accounts for signs of abuse.
· We provide the ability to establish tiered levels of access within accounts.
Investing In Your Privacy
FunnelGuard Inc.’s Legal team partners with our developers and engineers to make sure our products and features comply with applicable international spam and privacy laws. In addition, we retain a privacy firm in the EU to consult on EU privacy issues and our data protection policies & standards.
Responsible Disclosure
If you’ve discovered a vulnerability in the FunnelGuard Inc. application, please don’t share it publicly. Instead, please submit a report to us via the process outlined below. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues. Every day, new security issues and attack vectors are created. FunnelGuard Inc. strives to stay on top of the latest security developments both internally and by working with external security researchers and companies. We appreciate the community’s efforts in creating a more secure web.
If you believe your account has been compromised or you are seeing suspicious activity on your account, please email support@funnelguard.co