Intrusion Countermeasures and Data Security
Fund-R utilizes a server which employs the following intrusion countermeasures designed to mitigate security breaches:
- All sensitive data that must be stored is encrypted using AES-256.
- Access to this application is encrypted using an Extended Validation SSL certificate with 4096-bit encryption.
- Brute force attacks are immediately blocked by our firewall.
- OpenSSL is patched against the "Heartbleed" bug.
- Anti-virus software is constantly running and being monitored.
- The data center is monitored 24 hours a day.
- Card data is sent securely off-site for processing by a third-party processor. Card information is not stored; only a "token" which represents a transaction is stored.
How We Protect Your Personal Information
Fund-R prides itself on relationships based on integrity and trust, and the privacy of our customers’ personal information is of the utmost importance to us. We maintain a comprehensive Privacy and Information Security Program (“Program”) of which Information Security is an integral part. The Information Security aspect of our Program includes administrative, technical, and physical safeguards that are reasonably designed to safeguard the security, confidentiality, and integrity of the personal information of our customers. Some of the central features of our Program are:
- The use of policies and standards to govern information technology resources, protect information assets, and safeguard personal information;
- The use of technology, where reasonable and appropriate, such as firewalls and encryption;
- Testing and ongoing vulnerability scanning of online customer applications;
- Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
- Maintaining access controls which are reasonably designed to restrict such access to employees with a legitimate business need;
- Taking reasonable steps to select and retain service providers capable of protecting personal information in accordance with Fund-R policies and standards, and applicable legal and regulatory requirements;
- Requiring service providers by contract to implement and maintain reasonable safeguards consistent with Fund-R policies and standards and applicable legal and regulatory requirements;
- Reviewing, assessing and updating our security practices at reasonable intervals and in light of emerging risks and developments;
- Maintaining reasonably designed policies and procedures intended to prevent, monitor, identify, investigate, and respond to suspected information security incidents that may impact the confidentiality, security or integrity of personal information; and
- Providing notification, where appropriate, to impacted individuals in the event the investigation of a particular incident results in a finding that personal information may have been subject to unauthorized access, acquisition, disclosure or use.