No. We use the data you provide us about your customers only to provide your services and for no other purpose.
We securely encrypt your passwords. Passwords are one-way encrypted using the bcrypt algorithm, with a random salt for each password. This means that only the original creator of the password knows its value. This type of encryption is extraordinarily difficult to break. When passwords must be retrieved, public/private key encryption is used, with a key length of 4096 or greater. Access and retention of passwords are strongly controlled and logged.
DonePronto does not store credit card numbers and security information. If you provide a credit card number to purchase a service, it is turned into a secure token by our credit card processing company. We only store the secure token on our systems. We DO NOT collect or store personal financial data, Social Security Numbers, National Insurance numbers, or government-issued ID numbers of any kind.
Our customer data is stored on secure servers in the United States on a secure cloud computing platform at AWS.
DonePronto solutions are rated as Enterprise-Ready by the prestigious Skyhigh Networks CloudTrustâ„¢ program. Services with this designation satisfy the most stringent Cloud Security Alliance (CSA) requirements for data protection, identity verification, service security, business practices and legal protection.
The AWS cloud infrastructure represents that it has been designed and is managed in alignment with regulations, standards, and best practices, including:
Yes. A proven, standard algorithm with at least a 1024-bit key is used for all communications between cloud servers.
Yes. Our products are HIPAA complaint, with employees required to complete HIPAA. Our Business Associates Agreement is available upon request and online.
Yes. DonePronto is PCI DSS 3.1 Compliant.