The Use of Your Information
Customers of BoardEvals use the Company’s services to host data and information (“Customer Data”). BoardEvals will not review, share, distribute, or reference any such Customer Data except as provided in the BoardEvals Master Subscription Agreement, or as may be required by law. BoardEvals does not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes. Individual records of Customer Data may be viewed or accessed only for the purpose of resolving a problem, support issues, or suspected violation of the BoardEvals Master Subscription Agreement, or as may be required by law.
The Security of Your Information
BoardEvals provides each User in your organization with a unique user name and password that must be entered each time a User logs on. BoardEvals issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. BoardEvals does not use "cookies" to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
We use security measures (such as encryption technology) to protect your information including the Personally Identifiable Information that we transmit and store. BoardEvals employs the following measures to secure data:
(i) Database level security — measures designed to prevent unauthorized users from accessing or modifying the data at the database level.
(ii) System level security — measures designed to prevent unauthorized access to the systems that the database runs on, and to all systems that can access the database.
(iii) Network level security — The database is designed to be inaccessible to the public Internet. No machine that can directly access the database can be directly accessed from the Internet.
(iv) Firewall — designed to prevent unauthorized access to the network, and to protect against attacks.
(v) Intrusion Detection systems — designed to alert us to any attack that might get past the network security and firewall, so that the attack can be stopped.
(vi) Physical security — Measures designed to ensure that the machines that can access the database are physically secured so that only the operations team can access them.
We also prohibit our employees from accessing your Personally Identifiable Information except on a need to know basis, and even then only under confidentiality agreements. Our engineers review the security measures on a regular basis to update and strengthen these protections. No security measures are completely fail-safe or impervious to circumvention. We are not responsible for events beyond our control, including without limitation, the malicious acts or willful misconduct of hackers or any other person.