Ensuring the privacy and security of our customer’s data is important to us. GradeCam secures customer data in the following ways:
Remote Data Access and Transit
- GradeCam provides a multi-faceted security approach that includes physical, network, web, system, application, and data security to protect our customer’s data from intrusion and unauthorized access.
- GradeCam requires users to create a unique username and password that is always required to access the user’s data.
- Upon login, the user is issued a session ‘cookie’ that is only used to record encrypted authentication information for the duration of the session. The session cookie does not include either the username or the password of the user.
- All data transmitted between a User’s browser and our servers is encrypted using current TLS protocols, using the most secure connection that the browser will support.
- Idle sessions are automatically logged out after 20 minutes of inactivity.
Data Storage
- All US customer data is stored in data centers located in the United States. These data centers comply with SOC2, SSAE 16 and HIPAA audit requirements. The latest reports for these certifications can be provided on request.
- Our servers are protected by firewalls.
- Physical access to our servers is strictly limited to authorized personnel and requires Multi-Factor authentication, requiring a PIN + RFID card or biometric identification.
- The data centers are under 24/7 surveillance with security guards on-site and all access to the premises is logged.
