Last updated: November 12, 2014
Tracument understands how important security and privacy are to professionals. Our business relies on exercising the utmost care in protecting the security of your Tracument account and the documents and payment information contained therein. We use industry leading security measures to make sure your information is stored and transferred securely.
Secure Socket Layer - We use up to 256-bit secure socket layer (SSL) encryption technology to encrypt all communications over the Internet. RapidSSL, a subsidiary of GeoTrust, is our service provider. See rapidssl.com for more information.
Our servers are hosted at CA Cloud, which is located in Canada and subject to Canadian security and privacy laws. All data is stored using 256 bit AES encryption. The security controls at CA Cloud are audited each year and the company obtains a SSAE 16 Type II (formerly SAS70) certificate.
Our datacentre uses four layers of firewalls to detect and prevent unauthorized traffic to our servers.
In order to ensure that the holder of a given account is actually the organization represented in our system, each new account is authenticated by a Tracument representative. This is done by confirming through personal contact or publicly available information that the organization is who they represent themselves to be.
Documents sent by secure email link by Tracument account holders to non-Tracument users are accessible by a one-time unique link and protected by a one-time password set by the sending party.
Fax transmissions are sent to our fax servers using SSL encryption. Only requests where the user selects fax as the delivery method will be transmitted in this way. No provided documents or Secure Send documents are ever transmitted by fax.
Mail requests are printed, handled, and mailed by Tracument staff or contractors. These workers are subject to confidentiality agreements. No documents sent by Quick Provide or by Secure Send are ever transmitted by mail.
When a providing firm uploads a document or set of documents, those documents cannot be viewed by the intended recipient until they have paid the accompanying invoice. Tracument collects these funds and disperses them at regular intervals to the providing party. Any payments received are secured in a CDIC insured account until they are dispersed.
All credit card transactions are tokenized and sent to Stripe for execution. Stripe is PCI Level 1 compliant, which is the most stringent credit card security certificate. We are PCI DSS compliant by virtue of this outsourcing. See https://stripe.com/help/security for more information.
All bank transfers are executed by CIBC through their secure online portal. Access to this portal is limited to directors of Tracument, and access codes are changed every sixty seconds by CIBC’s security services.
All documents uploaded to Tracument’s servers are stored in Canada. The documents are subject to Canadian information security and privacy protection laws.
Our servers are hosted at a secure location in Canada by Amazon Web Services, Inc. They use a variety of security controls to limit access to appropriate employees.
We offer password rotation for user accounts, which reduces the risk of password theft or mismanagement.
All passwords are encrypted on our servers, preventing unauthorized access to passwords.
We have three levels of users--owners, administrators, and regular users. This provides the owners of accounts to only grant access and controls to appropriate users.
Only the owner of the account and the uploading user are able to view the documents provided. This protects the privacy of provided information as other users from the providing company cannot view potentially sensitive information.
The Tracument system does not allow Tracument staff to access provided documents or documents sent through Secure Send. Tracument does have access to requesting documents and authorizations. All staff and contractors have signed confidentiality agreements in place.
If you have any questions about this document, or would like more information about how Tracument works to protect the privacy of its users, please feel free to contact us at 1.888.900.4701 or email us at firstname.lastname@example.org.