Database Security
Transparency
Predictions, like many other SaaS platforms, is hosted on a third-party platform. This lets us focus on your tool's value while a partner organization is laser-focused on the security of your data. Our commitment to you is to keep your information as secure as possible. This commitment is prioritized more than anything else. We do not trade convenience for proper information security.
Encryption
Your data is encrypted at rest and in transit with bank-level encryption (SHA-256 and AES-256).
This means that the information looks like gibberish to anyone who does not have the encryption key to decode it. Even the AWS servers where your information is securely stored cannot view any of your information without the encryption key that rests with your account. Only authorized parties (you and your organization) can view your information.
Backups
Your information is backed up on multiple servers and in multiple locations (still encrypted). This provides you with redundancy and information integrity should disaster strike. Many think that it is a good idea to create expensive server rooms to consolidate information into one location. If that location is ever compromised by bad actors, a natural disaster, or just a mistake, your information is gone. We employ active backups, from which your information can be restored quickly should you lose it, and archives that store information long-term. We also provide the ability to export your critical data to spreadsheets, as well as customer service personnel who can assist you.
To request backups, contact us through the support form in Predictions.
Redundancy
We never rely on one single point of failure when it comes to your data. If a database goes down, we have others that are activated immediately, providing a seamless transition that you likely will not notice. We also store critical data in physical, offline, and secure locations, still encrypted as promised in our commitment to you.
Infrastructure
Your data is stored on Amazon Web Services (AWS) servers. Most commercial and government organizations store information on either Azure (Microsoft) or AWS (Amazon) servers. These organizations cannot view your data because they do not possess the encryption key to encrypt or decrypt your data. If anyone were ever to find a way to look at your data, it would look like random numbers, letters, and characters, still encrypted with SHA-256 and AES-256, bank-level encryption.
By using AWS as our storage provider, you are provided state-of-the-art security and compliance standards and tools that Fortune 500 companies and even governments trust to maintain data integrity. AWS is continuously audited and accredited by various organizations around the world. AWS mitigates DDoS through its robust platform's built-in tools, which can stop most attacks and quickly recover should an attack be successful.
AWS is considered the industry leader in cloud services.
Our third-party provider (Knack) undergoes an annual audit with a third party to attest to higher security standards and practices as a SOC 2 Type II certified provider.
Knack employs firewalls to protect every virtual server, database, and load balancer to ensure that only authorized traffic is accessing those resources.
Policies
Privacy Policies
We maintain a privacy policy that is updated and reviewed consistently to comply with industry standards and best practices. You can view our policy here and our third-party provider's here.
You own your data and are responsible for maintaining it. We do not own it, nor can we view it without permission from your organization. The only reason for Morton Executive Decisions (Predictions' parent company) to view your data would be to advise, at your request, on a specific task. This would require a consulting agreement, non-disclosure agreement, and scope of work agreement.
We also may need to make updates to Predictions which would require limited IT staff to have access to your records. These trusted staff are required to sign confidentiality documents and non-disclosures and are limited to 1-2 senior-level managers at Morton Executive Decisions. Even with the need to gain access to your data, they would have no reason to view the data, as fictitious test accounts are set up to make updates and add features to Predictions. All logins, views, and changes are time/date stamped and tracked for reference.
Any third-party vendors that you share information with do not fall under our privacy policy or terms of service. It is important to know that anything you share with vendors through Predictions would fall under your own organization's service terms.
Access Policies
All access by our third-party provider's employees to customer data is governed by a secure virtual private network. This access is monitored and can be revoked at any time, so even a stolen laptop presents no privacy risks. Knack engineers work in a development environment that is completely separated from any live data. This way no bugs or errors have even the slightest potential to affect your data. Every access request to your data by a Knack employee is logged and time-stamped. We can confirm exact access by the Knack team to any data in the unlikely case that this log is needed.
Team Policies
Every Morton Executive Decisions and Knack employee signs non-disclosure and confidentiality agreements that provide legal backing for our obligation to keep your data private and confidential. Employees are all provided data security and standards training to ensure they employ best practices and mitigate the potential for mistakes. Morton Executive Decisions and Knack employees may need to access your data for support services. We only do this at your request and when necessary to resolve the issue to your satisfaction.
Features
On top of our internal standards and policies regarding information security, we also provide you with the ability to ensure your organization is able to protect your data. We do this through the implementation of two-factor authentication and password requirements. We also use roles and permissions that you can control in order to restrict views to what is necessary, depending on your team's need to know. We can, at your request, and with an enterprise account, integrate your Active Directory or LDAP users for Single Sign-On to limit access to your established users.
All passwords are double encrypted and hashed with a salt, which prevents dictionary attacks and adds extra security to your login.
We also track all changes to any records with a time/date stamp in order to ensure compliance.
We welcome the opportunity to allow your organization to audit our security measures and are confident that we are providing a level of security well above industry standards. Please contact us at info@predictprotection.com with any concerns or questions regarding the security of your data.