Data Security

Your data is safe with us.
We secure it. We don't use it, sell it, or otherwise give it out.

SAS70 Compliant Data Servers      PCI Compliant Credit Card Processing

When using the PoliteMail for Outlook software with our server send credits subscription, pay-as-you-go send credits, or corporate cloud server, we manage and host the PoliteMail Servers and tracking data. This document explains how the online data services component of the PoliteMail Software is provided to you, how such data is protected and secured and how your online purchase data, including credit card information, is protected and secured.

PoliteMail Servers and Data Hosting
provided via Amazon EC2 Virtual Private Cloud

PoliteMail Software does not operate its own hosting centers. We outsource our server and data hosting to a dedicated partner, Amazon Web Services, utilizing their Elastic Compute Cloud Architecture (Amazon EC2) via a virtual private cloud.

Overview of Amazon ASW Secure Infrastructure

Amazon Web Services (AWS) delivers a highly scalable cloud computing platform with high availability and dependability and the flexibility to enable customers to build a wide range of applications. In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services and documents how to use those features. In addition, AWS customers must use those features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.

• Certifications and Accreditations
  AWS has successfully completed a SAS70 Type II Audit and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services.
  
  
• Physical Security
  Amazon has many years of experience in designing, constructing and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
  
  
• Secure Services
  Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. For more information about the security capabilities of each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes white paper.
  
  
• Data Privacy
  AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so customers can gain greater understanding of how their data flows throughout AWS. For more information on the data privacy and backup procedures for each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes white paper.
  
  

Online Purchasing Security provided via Authorize.Net Payment Gateway

PoliteMail Software does not store your credit card information. We outsource our credit card processing services to a dedicated partner, Authorize.Net, utilizing their secure billing and recurring billing infrastructure.

Overview of Authorize.Net Security and Compliance

Authorize.Net is committed to safeguarding customer information and combating fraud. We operate with a mission to provide the most secure and reliable payment solutions for you and your customers. To accomplish this, Authorize.Net dedicates significant resources toward a strong infrastructure, and adheres to both strict internal security policies and industry security initiatives. With Authorize.Net, your customers can be confident their data is secure. We utilize industry-leading technologies and protocols, such as 128-bit Secure Sockets Layer (SSL), and we are compliant with a number of government and industry security initiatives.

• Payment Card Industry Data Security Standard
  The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures. Each year we renew our PCI DSS compliance. To confirm our PCI compliance, please see Visa's list of compliant service providers.
  
  
• SAS 70
  The Statement on Auditing Standards No. 70, commonly known as SAS 70, defines the professional standards used to assess the internal controls for organizations that provide outsourcing services which impact the control environment of their customers. Authorize.Net is validated annually by external auditors for SAS 70 Type 2.
  
  
• Sarbanes-Oxley, HIPAA, GLBA, CA SB1386
  Sarbanes-Oxley, or SOX, is a set of federally mandated accounting standards for all U.S. public company boards, management, and public accounting firms. Authorize.Net is validated annually by external auditors for the current, relevant portions of the Sarbanes-Oxley Act. Authorize.Net and its parent company CyberSource validate security measures against applicable sections of numerous federal and state laws–HIPAA, GLBA, California Senate Bill 1386 (SB1386), and many others.
  
  

Last Update: 22 September 2010