Grow with us

We are committed to your privacy. We take great care to protect the privacy of your information when we host your data on our servers.

This Privacy Statement is intended for users of our hosted service. A separate Privacy Policy for Website Visitors addresses the privacy needs of visitors to our website.

The Hosting Privacy Policy Statement applies to our customers who choose our cloud hosted service. In this document, the term "Customer Information" means information about your end users stored on our servers. The term "Customer" refers to the company (you) that contracts with us for hosted service. This privacy statement should be read in conjunction with the Hosted Service Level Agreement, which contains further provisions relating to Customer Information.

Customers are hosted on either the secure facilities at vXchnge or AWS, depending on which Hosted Service option you choose. For more information about your Hosted Service options, refer to our Hosted Service Datasheet.

We will not use customer information for the purposes of marketing to, or otherwise communicating directly with your end users, or provide customer information to any third party, unless we are required to do so in order to comply with the law. In short, we will never access customer information at all, unless specifically requested to do so by the customer who owns that information in order to assist in troubleshooting some problem with the hosted service.

If you have any questions or concerns with respect to this Statement, please .


Cookies

A cookie is a small text file containing a unique identification number that is transferred from a web server to the end user's browser, enabling the serving party to track the website activities of the end user. We do not issue any cookies which enable third parties to track the activities of your end users. Our software uses a cookie only to identify a user's login name so that users may log in to multiple browser windows without requiring additional user licenses.


Security

All hosted server environments meet the following physical security requirements:

  • Single point of entry to hosting areas
  • Primary monitored access with additional access for emergency purposes only
  • Surveillance cameras in use
  • Biometric identity check for access validation
  • Access only to people on the Agiloft approved access list

All hosted environments also meet the following electronic security conditions - login validation; secure SSH (encrypted) connections to access servers; servers running behind secure firewall.

All information transmitted to or from Agiloft over the internet is encrypted using SSL.

All hosted data is backed up at least once every 4 hours. These backups are stored separately in two secure locations to assist with preserving data and auditing changes.

All customer data is encrypted at rest.

Agiloft imposes strict internal controls over those of its employees with access to Customer Information. Such access is granted only on a need-to-know basis


Correction/Updating of Customer Information

Our software is configured to enable you to give your end users the means to access their own personal information for the purposes of deleting it, and/or correcting it.


EU-U.S. Privacy Shield Framework Certification

Agiloft, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Please see Agiloft, Inc.’s Notice of Certification Under the EU-U.S. Privacy Shield Framework.


GDPR Compliance

The GDPR codifies the data privacy rights of not just EU citizens but also of anyone whose personal data is collected or processed in the EU. It puts new obligations on anyone who handles EU-based personal data. As a platform that customers may use to store and manage EU-based data, Agiloft meets the data protection standards defined by the GDPR for data processors. Agiloft is committed to clearly defining our responsibilities to our customers under GDPR as well as providing guidance to define customers’ responsibilities to end users while using our platform. For more information, see our GDPR: What You Need to Know whitepaper.


HIPAA Compliance

Among other things, the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of health information that is held or transferred in electronic form. At Agiloft, we support the requirements and chain of accountability required by HIPAA. Beginning with certifications and agreements with our infrastructure providers at AWS and vXchnge, we extend the chain of accountability in agreement with our HIPAA regulated customers. For further information about HIPAA, see https://www.hhs.gov/hipaa/index.html.


Changes to Privacy Policy

Agiloft will update this policy from time to time. A "last revised" date will always be included on the bottom of the statement. To keep up-to-date with Agiloft's policy, please check this page periodically.


Contacting Us

If you have any questions about this Statement, or our practices as they affect the privacy of hosted data, please contact us.

Last revised: 05/28/2018