Last updated: January 31, 2018
Tracument understands how important security and privacy are to professionals. Our business relies on exercising the utmost care in protecting the security of your Tracument account and the documents and payment information contained therein. We use industry leading security measures to make sure your information is stored and transferred securely.
Secure Socket Layer - We use up to 256-bit secure socket layer (SSL) encryption technology to encrypt all communications over the Internet. RapidSSL, a subsidiary of GeoTrust, is our service provider. See rapidssl.com for more information.
Our servers are hosted in Canada and subject to Canadian security and privacy laws. All data is stored using 256 bit AES encryption. These locations are certified to ISO27001, ISO27017, and ISO27108 standards, among others, and are audited continuously to attest to their compliance.
Our datacentre uses redundant firewalls to detect and prevent unauthorized traffic to our servers.
In order to ensure that the holder of a given account is actually the organization represented in our system, each new account is authenticated by a Tracument representative. This is done by confirming through personal contact or publicly available information that the organization is who they represent themselves to be.
Documents sent by secure email link by Tracument account holders to non-Tracument users are accessible by a one-time unique link and protected by a one-time password set by the sending party.
Fax transmissions are sent to our fax servers using SSL encryption. Only requests where the user selects fax as the delivery method will be transmitted in this way. No provided documents or Secure Send documents are ever transmitted by fax.
Mail requests are printed, handled, and mailed by Tracument staff or contractors. These workers are subject to confidentiality agreements. No documents sent by Paywall or by Secure Send are ever transmitted by mail.
When a providing firm uploads a document or set of documents, those documents cannot be viewed by the intended recipient until they have paid the accompanying invoice. Tracument collects these funds and disperses them at regular intervals to the providing party. Any payments received are secured in a CDIC insured account until they are dispersed.
All credit card transactions are tokenized and sent to Stripe for execution. Stripe is PCI Level 1 compliant, which is the most stringent credit card security certificate. We are PCI DSS compliant by virtue of this outsourcing. See https://stripe.com/help/security for more information.
All bank transfers are executed by CIBC through their secure online portal. Access to this portal is limited to directors of Tracument, and access codes are changed every sixty seconds by CIBC’s security services.
All documents uploaded to Tracument’s servers are stored in Canada. The documents are subject to Canadian information security and privacy protection laws.
Our servers are physically hosted at geo-redundant secure locations in Canada. These locations are certified to ISO27001, ISO27017, and ISO27108 standards, among others, and use a variety of security controls to limit physical access to our information.
We offer password rotation for user accounts, which reduces the risk of password theft or mismanagement.
All passwords are encrypted on our servers, preventing unauthorized access to passwords.
We have three levels of users--owners, administrators, and regular users. This provides the owners of accounts to only grant access and controls to appropriate users.
Only the owner of the account and the uploading user are able to view the documents provided. This protects the privacy of provided information as other users from the providing company cannot view potentially sensitive information.
The Tracument system does not allow Tracument staff to access provided documents or documents sent through Secure Send. Tracument does have access to requesting documents and authorizations. All staff and contractors have signed confidentiality agreements in place.
If you have any questions about this document, or would like more information about how Tracument works to protect the privacy of its users, please feel free to contact us at 1.888.900.4701 or email us at firstname.lastname@example.org.