Data Security & Privacy Policy
Data Security & Privacy Policy
Intellidance® and Inspire-Create-Educate use Ontraport as our platform provider for all courses and resource portals. The following information details how they handle data security and user privacy. Intellidance® and Inspire-Create-Educate do not sell or share user data with any 3rd parties. Credit card processing is handled by a 3rd party processor and payment information (other than last 4 digits of card and expiration date) is not visible or accessible by Intellidance or ICE.
Ontraport's security framework includes a comprehensive set of measures and practices designed to protect customer data and ensure system integrity. Key elements of Ontraport's security framework are:
1. Firewalls: Stateful packet inspection is employed at all necessary network locations to protect the network.
2. Log Analysis: Logs are routinely inspected, and all critical transactions (application and system) are recorded and audited as necessary.
3. Intellectual Property Security: Data inside customer accounts is protected from external viewing. Only authorized individuals with account access can view the data.
4. Customer Support Security: Support representatives have access to accounts but with obfuscated information where possible (e.g., email addresses), and exporting of information is disabled.
5. Account Login and Access: Logins are protected by username and password. IP address restrictions are enabled by default, and explicit permission is required for anyone attempting to log in.
6. Multi-Factor Authentication (MFA): Two-factor authentication is not employed for account access by users. However, infrastructure is protected by multi-form authentication, including IP restrictions, cryptographic key requirements, on-demand password authentication, user password authentication, and per-server access controls. MFA cannot be added or modified by account users.
7. Secure Communications: All application web transactions are performed over HTTPS. Communication with external systems also uses HTTPS where possible.
8. DDoS Protection: The application and its endpoints are behind several tiers of load balancing and traffic control devices. Transit-level protection is provided by Cloudflare.
9. Payment Information Security: Payment data handling complies with PCI-DSS standards, applicable when using Ontraport's provided payment mechanisms.
10. General Security Practices: Ontraport follows industry-standard best practices, including monthly, quarterly, and annual scans and audits. Senior staff with access to critical systems undergo background checks in compliance with PCI-DSS.
11. Data Backups: Database contents and other data are stored locally in Ontraport's datacenter and copied daily to Amazon services. Data at rest is encrypted where necessary, and all data is encrypted during transit over public networks.
12. System Availability: The infrastructure is fault-tolerant and resilient, with back-end processes operating independently of front-end access.
13. Physical Security: Physical access to infrastructure requires multi-form identification and explicit permission. Infrastructure is secured behind locked doors once inside the facility.
Ontraport's security framework includes a comprehensive set of measures and practices designed to protect customer data and ensure system integrity. Key elements of Ontraport's security framework are:
1. Firewalls: Stateful packet inspection is employed at all necessary network locations to protect the network.
2. Log Analysis: Logs are routinely inspected, and all critical transactions (application and system) are recorded and audited as necessary.
3. Intellectual Property Security: Data inside customer accounts is protected from external viewing. Only authorized individuals with account access can view the data.
4. Customer Support Security: Support representatives have access to accounts but with obfuscated information where possible (e.g., email addresses), and exporting of information is disabled.
5. Account Login and Access: Logins are protected by username and password. IP address restrictions are enabled by default, and explicit permission is required for anyone attempting to log in.
6. Multi-Factor Authentication (MFA): Two-factor authentication is not employed for account access by users. However, infrastructure is protected by multi-form authentication, including IP restrictions, cryptographic key requirements, on-demand password authentication, user password authentication, and per-server access controls. MFA cannot be added or modified by account users.
7. Secure Communications: All application web transactions are performed over HTTPS. Communication with external systems also uses HTTPS where possible.
8. DDoS Protection: The application and its endpoints are behind several tiers of load balancing and traffic control devices. Transit-level protection is provided by Cloudflare.
9. Payment Information Security: Payment data handling complies with PCI-DSS standards, applicable when using Ontraport's provided payment mechanisms.
10. General Security Practices: Ontraport follows industry-standard best practices, including monthly, quarterly, and annual scans and audits. Senior staff with access to critical systems undergo background checks in compliance with PCI-DSS.
11. Data Backups: Database contents and other data are stored locally in Ontraport's datacenter and copied daily to Amazon services. Data at rest is encrypted where necessary, and all data is encrypted during transit over public networks.
12. System Availability: The infrastructure is fault-tolerant and resilient, with back-end processes operating independently of front-end access.
13. Physical Security: Physical access to infrastructure requires multi-form identification and explicit permission. Infrastructure is secured behind locked doors once inside the facility.