Security Policy

Download a copy of this document

Last updated: January 31, 2018

Overview

Tracument understands how important security and privacy are to professionals. Our business relies on exercising the utmost care in protecting the security of your Tracument account and the documents and payment information contained therein. We use industry leading security measures to make sure your information is stored and transferred securely.

Network/Internet

Secure Socket Layer - We use up to 256-bit secure socket layer (SSL) encryption technology to encrypt all communications over the Internet. RapidSSL, a subsidiary of GeoTrust, is our service provider. See rapidssl.com for more information.

Data Storage

Our servers are hosted in Canada and subject to Canadian security and privacy laws. All data is stored using 256 bit AES encryption. These locations are certified to ISO27001, ISO27017, and ISO27108 standards, among others, and are audited continuously to attest to their compliance.

Firewalls

Our datacentre uses redundant firewalls to detect and prevent unauthorized traffic to our servers.

Account Verification

In order to ensure that the holder of a given account is actually the organization represented in our system, each new account is authenticated by a Tracument representative. This is done by confirming through personal contact or publicly available information that the organization is who they represent themselves to be.

One-time Login/Secure Email Link

Documents sent by secure email link by Tracument account holders to non-Tracument users are accessible by a one-time unique link and protected by a one-time password set by the sending party.

Fax Transmissions

Fax transmissions are sent to our fax servers using SSL encryption. Only requests where the user selects fax as the delivery method will be transmitted in this way. No provided documents or Secure Send documents are ever transmitted by fax.

Mail

Mail requests are printed, handled, and mailed by Tracument staff or contractors. These workers are subject to confidentiality agreements. No documents sent by Paywall or by Secure Send are ever transmitted by mail.

Payment Security

When a providing firm uploads a document or set of documents, those documents cannot be viewed by the intended recipient until they have paid the accompanying invoice. Tracument collects these funds and disperses them at regular intervals to the providing party. Any payments received are secured in a CDIC insured account until they are dispersed.

Credit Card Security

All credit card transactions are tokenized and sent to Stripe for execution. Stripe is PCI Level 1 compliant, which is the most stringent credit card security certificate. We are PCI DSS compliant by virtue of this outsourcing. See https://stripe.com/help/security for more information.

EFT/Bank Security

All bank transfers are executed by CIBC through their secure online portal. Access to this portal is limited to directors of Tracument, and access codes are changed every sixty seconds by CIBC’s security services.

Information Storage Location

All documents uploaded to Tracument’s servers are stored in Canada. The documents are subject to Canadian information security and privacy protection laws.

Physical Security

Our servers are physically hosted at geo-redundant secure locations in Canada. These locations are certified to ISO27001, ISO27017, and ISO27108 standards, among others, and use a variety of security controls to limit physical access to our information.

Built-in Application Security Features

Password Rotation

We offer password rotation for user accounts, which reduces the risk of password theft or mismanagement.

Password Encryption

All passwords are encrypted on our servers, preventing unauthorized access to passwords.

Role-based access

We have three levels of users--owners, administrators, and regular users. This provides the owners of accounts to only grant access and controls to appropriate users.

Limited Viewing Ability

Only the owner of the account and the uploading user are able to view the documents provided. This protects the privacy of provided information as other users from the providing company cannot view potentially sensitive information.

Limited Access to Documents

The Tracument system does not allow Tracument staff to access provided documents or documents sent through Secure Send. Tracument does have access to requesting documents and authorizations. All staff and contractors have signed confidentiality agreements in place.

Questions

If you have any questions about this document, or would like more information about how Tracument works to protect the privacy of its users, please feel free to contact us at 1.888.900.4701 or email us at info@tracument.com.