Mobile/TCPA & GDPR Compliance Read More

 Solutions & services for mobile/TCPA compliance & GDPR compliance Read More

Navigation
X Close

Trust

I'M INTRIGUED! I WANT TO KNOW MORE.

Privacy Overview

The privacy and security of our customers data is of utmost importance to PossibleNOW. Just as we go to great lengths to protect our client's data, we do the same to protect their privacy and maintain their trust.

How we use the information we gather

We collect information about our customers to enable us to provide a service, administer customer accounts, and deliver customer benefits (such as our newsletters) and to provide information on regulatory updates. Also, we regularly communicate notice to our customers regarding account activity.

Information sharing policy

PossibleNOW does not sell your private profile or customer-owned information to third parties. We may share your information with affiliates or other third parties, or service providers to process information on our behalf or provide a service to us, such as fulfilling a direct mail piece to our customers; however, PossibleNOW requires that these third parties comply with PossibleNOW's privacy policies when processing this information. We may share anonymous, aggregated information about all of users with third parties.

PossibleNOW's Data Security

PossibleNOW understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success. PossibleNOW has stringent standards and processes in place to ensure data safety and integrity.

Secure & Reliable Data Centers:

PossibleNOW's services are hosted on dedicated platforms at highly secure data centers. We have a data center in Suwanee, Georgia and another in Santa Clara California.

Highlights of the access security measures in place at the Suwanee data center include:

  • Visitors to the Data Center must present a photo ID, have their photo taken for a badge, and be escorted by authorized PossibleNOW personnel.
  • PossibleNOW's Data Center has its own private security force. The data center is staffed 24/7/365.
  • Numerous authentication factors are used to prevent unauthorized access including badge cards, biometrics and security guards for physical access, and access control devices for logical access.
  • PossibleNOW servers are locked in a private cage accessible only by badged, authorized PossibleNOW personnel.

Biometric access controls include fingerprints and iris pattern scanning for access to restricted areas.

Additional Data Center Security & Reliability Measures

Many of the additional security measures in place at the Suwanee data center are proprietary and confidential.

PossibleNOW Internal Security Measures

  • Security Monitoring: PossibleNOW's Systems Department is charged with securing all network resources, both centralized and decentralized, and has the responsibility and authority to monitor network traffic to confirm that security practices and controls are adhered to and are effective. All security monitoring shall be executed in accordance with PossibleNOW Information Security policies.
  • System Hardening: All systems must be installed and maintained in accordance with minimum security standards in order to minimize service disruptions and prevent unauthorized access or use.
  • PossibleNOW Certifications & Policies: PossibleNOW maintains certain privacy and security certifications as well as policies that apply to all information handling processes. –

Additional Data Security Measures

Many of the additional security measures in place at the Suwanee data center are proprietary and confidential. The following provide a high level description of some of the additional security measures in place.

  • Perimeter Defense & Building Security:
    PossibleNOW's Data Center has CCTV which is monitored on a 24/7/365 basis and a private security force.
  • Hardware:
    There are no personal computers in the data storage area, only servers which are housed in secure private cage. Any hardware brought into or removed from the data center is tracked and records are kept by Data Center Services (Quality Technology Services, the data center owner) and PossibleNOW's facilities manager.
  • Power Supply & Generators:
    PossibleNOW's Data Center uses an environmentally-friendly power supply system that incorporates a steady stream of power form the local utility company and back-up power using constant power supply (CPS) and diesel generators. With the CPS system, there is no need for battery-powered UPS units.
  • System Reliability & Data Backups:
    Only PossibleNOW customers have access to their data. To gain access, customers must authenticate via a username/password.

PossibleNOW's network components and servers use a redundant configuration to help ensure availability. All customer data is backed up daily with incremental backups made hourly. Backups are made to disk and disks are archived monthly off-site by Iron Mountain in their secure facility.

  • Data Encryption (available upon request):
    PossibleNOW offers SSL for secure HTTP connections between a customer's computer and our servers in the data center. Any data that is sent encrypted remains encrypted.
  • Intrusion Detection:
    Intruder detection is implemented at the network layer at the secure data center facilities and in the corporate office space. Operating system and application software logging processes are enabled on all host and server systems. Where possible, alarm, alert and automated review functions are also enabled and alerts are transmitted to the administrator when a serious security intrusion is detected. Server, firewall, and critical system logs are reviewed, at a minimum, on a daily basis.
  • Fire Safety:
    PossibleNOW's Data Center has state-of-the art fire detection and suppression systems in place. Multi-level alarms allow floor attendants to investigate when the Very Early Smoke Detection Apparatus (VESDA) system detects a smoke signature. The smoke signature detection system constantly monitors the data center for specific events and can pinpoint the physical location of an event immediately upon detection. A fire suppression system handles individual instances on the data center floor. If this system cannot maintain the fire, then a separated pre-action pressurized pipe system, zoned to release water only to the affected area, is triggered.

Data Security Certifications & Policies

PossibleNOW recognizes that our customers are subject to laws that govern the handling of personal information. We seek to support our customers' compliance with such laws by providing a comprehensive privacy and security program that includes certifications, policies, practices, people, and technology.

Certifications That Support Security & Reliability

PossibleNOW maintains the following privacy and security certifications:

  • EU Safe Harbor self-certification through the U.S. Department of Commerce
  • SAS 70 Type II data center
  • PCI DSS
  • HIPAA

Policies That Support Security & Reliability

PossibleNOW has privacy and security policies that apply to all information handling practices.

  • Contractual Privacy Protection for Customers
    PossibleNOW's contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer data, except under certain narrowly defined circumstances, such as when required by law.
  • PossibleNOW agrees not to use, modify, or disclose any customer data to anyone other than the customer's designees.
  • PossibleNOW agrees not to access customer's accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer's request in connection with a customer support issue, or where required by law.

Employee Confidentiality Agreements and Information Security Policies

  • All candidates for employment with PossibleNOW or its affiliated companies, must undergo the following:
    • Sign a Non-Disclosure Agreement
    • Sign a Pre-employment Authorization & Disclosure Form that allows PossibleNOW to perform any or all of the following: a criminal background check, credit history check, verification of education and degrees, verification of previous employment.
    • All candidates for employment must pass the criminal background check to include the last seven years.
    • Undergo and successfully pass a drug screening test

Security & Reliability Practices

PossibleNOW comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.

Internal Training for PossibleNOW Personnel

Upon hiring, each employee undergoes training on PossibleNOW's Information and Data Security policies and must sign a statement that they have received such training. Updates to the Information and Data Security training are conducted as necessary throughout the employee's tenure at PossibleNOW.

Customer Awareness

PossibleNOW strongly encourages all customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.

PossibleNOW contacts customer administrators about specific security issues when warranted.

  • People Who Support Security & Reliability
    PossibleNOW has multiple teams and individuals responsible for security and security-related matters.

    The Chief Technical Officer is responsible for PossibleNOW's security program and personnel, including information, product, and corporate security, and technology audit and compliance.

    The Marketing, Operations and IT Systems Groups are responsible for PossibleNOW's privacy program, including compliance with applicable privacy and data-protection laws.

    Additionally, all PossibleNOW personnel are required to follow PossibleNOW's confidentiality, privacy, and information security policies.

Technology that Supports Security & Reliability

PossibleNOW maintains a comprehensive array of technical measures to protect customer data and offers a robust set of customer-controlled settings to further heighten privacy and security protection.

Default Privacy and Security Features

Application features that protect customer data:

  • Connections to the PossibleNOW services are via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
  • Application logs record the individual who created each record, the creator, last modifier, timestamps, and IP address for every transaction completed.

Logical separation of customer data:

  • Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
  • Multi-tenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.

Network security measures:

  • Network and host based firewalls
  • Intrusion-detection sensors
  • Security event management system,
  • External vulnerability scanning

Disaster Recovery

  • All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore application services in the event of an outage or loss of a primary data center.

Customer-Defined Privacy and Security Settings

  • Customers may determine which of their respective designees can access different categories of data.
  • Customers may define expiration times for session inactivity.
  • Customers may request custom fields that are encrypted in storage for sensitive information types

Read our FAQs about our Consulting Services.

HAVE A QUESTION? CONTACT US. INFO@POSSIBLENOW.COM