We understand that your information and data are a critical foundation of your business and what you do. We built our system and infrastructure to ensure your data is secure, available, and always accessible. All references to "you" or "your" in this privacy and security statement are to the customers who contract with ProfileGorilla for the Services. All references to "us", "we", or "our" in this privacy and security statement are to ProfileGorilla.
ProfileGorilla's guiding principles around data, security, and privacy are simple:
- Your data is yours
- Your data is protected
- Your data is accessible
You own your data. ProfileGorilla does not own your company's data. You retain ownership and copyright status to all data that is placed in your ProfileGorilla account. There are no data-locks in ProfileGorilla. We believe in making it easy to access and share information in ProfileGorilla.
ProfileGorilla uses industry-standard, state-of-the-art technology for user logging and password protection, with secure data transmission over Secure Sockets Layer (SSL) encryption. Your data is replicated within our hosting environment to three separate nodes to minimize the impact of hardware failures. The servers and data are hosted in secure facilities in several locations in the United States, and data is never stored or offshored outside of the U.S.
The data that you put into ProfileGorilla is by default Private, and accessible only by you and those you choose to share it with. ProfileGorilla does not sell any of your information. ProfileGorilla uses some of your information, as directed by you, to deliver and improve our services for you. ProfileGorilla abides by the safe harbor framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information collected from the European Union. The following link provides more information about the U.S. Department of Commerce Safe Harbor Program.
Last Modified: May 13, 2013
1. How and when we collect information.
We collect personal information from you when you provide it to us. In the course of your use of these Services, we may collect your name, email address, user credentials, mailing address, telephone number, credit card number, files, information, folders, and other data you provide to us. We may also collect non-personal information, such as browser type, your ISP, operating system, your IP address, and the like.
2. How we use information.
We are committed to protecting your privacy. Under no circumstances do we rent, trade or share your e-mail address with any other company for their marketing purposes without your consent. We may use your personal information for internal purposes such as processing and keeping you informed of your order. You may, from time to time, receive information from us about new features, new services and special offers we think you'll find valuable.
The personal information that you give us when you place an order is used to process and fulfill your order. We also use your personal information for our own internal purposes, such as providing customer support or providing, maintaining, evaluating and improving our products and services.
We may disclose the personal and non-personal information of our customers to any successor-in-interest of ours, such as a company that acquires our business. We may need to disclose your personal information when required by law or when we have a good-faith belief that such action is necessary to comply with a judicial proceeding, a court order or legal process.
We may use non-personal information to improve the services, diagnose problems, and for other business purposes.
3. Changing or Deleting Information.
If you are a registered user, you may review, update, correct or delete the information provided in your registration or account profile by changing your account settings. If your personally identifiable information changes, or if you no longer desire our Services, you may update or delete it by making the change on your account settings. In some cases we may retain copies of your information if required by law.
4. Data Retention.
We will retain your information for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may delete your account. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
5. Third-Party Links.
6. How we protect information.
We follow generally accepted industry standards to protect the personal information submitted to us from unauthorized access or disclosure, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Additionally, you play a pivotal role in safeguarding your personal information. We encourage you to take all reasonable steps to protect your personal information. While we strive to use commercially acceptable means to protect your personal and non-personal information, we assume no liability for any disclosure of such data due to errors in transmission, unauthorized third-party access or other acts of third parties, or other acts or omissions.
7. Children's Privacy.
These Services are intended for users ages 13 and older. Accordingly, we will not knowingly collect or use any personal information from persons that we know to be under the age of 13. In addition, we will delete any information in our database that we know originates from a child under the age of 13.
9. Contact Us.
Mailing Address: ProfileGorilla, c/o Silvershore Partners, LLC, 222 East Forsyth St, Jacksonville, FL 32202
ProfileGorilla requires users to create a unique user name and password that must be entered each time a user logs on. ProfileGorilla issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user. When a user accesses secured areas of our site, Secure Sockets Layer (SSL) technology protects user information using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons.
Passwords and credit card information are always sent over secure, encrypted SSL connections. Our billing partner, who stores your billing information and conducts all transactions against it, has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
Our hosting solution platform services are delivered to customers through a network of global datacenters, each designed to run 24 x 7, and each employing various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters are compliant with applicable industry standards for physical security and reliability; managed, monitored, and administered by operations staff; and geographically dispersed.
Our hosting solution uses highly secured access mechanisms, limited to a small number of operations personnel, who must regularly change their administrator access passwords. Datacenter access, and authority to open datacenter access tickets, is controlled by the network operations director in conjunction with local datacenter security practices.
Each datacenter facility at our hosting company has a minimum of two sources of electrical power, including a power generation capability for extended off-grid operation. Environmental controls are self-contained and remain operational as long as the facility and contained systems remain online. Physical security controls are designed to "fail closed" during power outages or other environmental incidents. In case of fire or situations that could threaten life safety, the facilities are designed to allow egress without remaining exposed. Your data is replicated within our hosting environment to three separate nodes to minimize the impact of hardware failures.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet, or method of electronic storage, is perfectly secure. Therefore, we cannot guarantee absolute security. If ProfileGorilla learns of a security breach or potential security breach, we will attempt to notify affected users electronically so that they can take appropriate protective steps. ProfileGorilla may also post a notice on our website if a security breach occurs.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your system, to keep any survey data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of survey responses, but it is your responsibility to ensure that that feature is enabled on your account.
Other Things ProfileGorilla Does to Keep Data Secure
- We continually perform internal risk assessments to determine and address potential risks.
- We perform external security audits.
- We prepare for disasters to enable timely and secure recovery.
- We install virus protection on all relevant servers.
- We continually scan our network for vulnerabilities and remediate against any we might find.
- We have an incident response plan in place should it be needed, and we test it on a regular basis to ensure we are ready to act.
- We provide training on security and privacy to all workers we hire. Workers take the security training annually and the privacy training bi-annually thereafter.