Definitions:
DPO - Data Privacy Office
Client - XO Pandora contracted client
XO Pandora, acting as a data processor for client websites, adheres to the following data security protocols:
Data Storage
Local Storage:
All client data is stored locally on XO Pandora staff computer hard drives. These hard drives are protected by Apple Computer account login security including password security and biometric security features.
All XO Pandora staff computers are “logged out” upon completion of all work days. Laptops are securely stored at the XO Pandora offices at the end of the business day. All “remote” staff are required to secure their laptops containing client data in a fire proof lock safe within their residence upon completion of the work day. All lock safes keys are securely stored by “remote” staff with one key belonging to staff and one key belonging to XO Pandora.
No client data is stored on any “personal” devices owned by XO Pandora staff or contractors.
Mobile Storage:
Client data may be stored on XO Pandora staff mobile devices in the form of, but not limited to; e-mail, photos, documents, notes, voice memo’s, video. All XO Pandora staff mobile devices are secured by Apple Inc. biometric and password security methods. All passwords are generated by the DPO (Data Privacy Officer) of XO Pandora and never written, typed or printed in any physical manner.
All mobile devices are protected by two-step verification processes on top of of initial security methods.
No client data is stored on any “personal” devices owned by XO Pandora staff or contractors.
Cloud Storage:
XO Pandora uses Dropbox for cloud or remote storage needs and may contain client information in the form of, but not limited to; text documents, photos, videos, PDF’s, images (.jpg, .png, .gif, .tiff, .psd, .ai), excel spreadsheets. XO Pandora’s Dropbox account is protected by secure passwords assigned by the DPO as well as two-step verification methods in effect by Dropbox.
XO Pandora uses Google Drive for cloud or remote storage needs and may contain client information in the form of, but not limited to; text documents, photos, videos, PDF’s, images (.jpg, .png, .gif, .tiff, .psd, .ai), excel spreadsheets. XO Pandora’s Google Drive account is protected by secure passwords assigned by the DPO.
No client data is stored on any “personal” cloud accounts owned by XO Pandora staff or contractors.
Password Security
XO Pandora uses password security for, but not limited to; work station computers, laptop computers, mobile devices, cloud based accounts, e-mail accounts and third party software (SAAS, Cloud, local). All passwords are generated by the DPO and provide to staff as necessary. All passwords are changed quarterly. All passwords must meet “strong” standards by all password validity testing software.
All passwords are securely stored in a single location which is only accessible by the DPO.
Date Confidentiality
XO Pandora does not share any client information with other clients, general public, potential clients, seminar attendees or conference attendees. The potential act of sharing any client data outside of the immediate client must be approved with written consent by any XO Pandora client prior to sharing private, secure or confidential client information.
XO Pandora does not produce White Papers or Case Studies based on client data or information with expressed and written consent from that client.
Relationship Acknowledgment Advertising & Marketing
XO Pandora does reserve the right, as outlined in all contracts, to advertise the relationship with all clients in form of, but no limited to; website portfolio gallery, press releases, social media posts, conference or seminar talks, presentations, televised media, digital stream media, podcast media, recorded video media, recorded audio media, print materials or paid advertising.
Any client not willing to be potentially represented within XO Pandora advertising or marketing efforts must sign a special contract outside of all “Scope of Work” contracts presented before work begins on said clients project. This special contract may incur expenses and fees beyond the initial “Scope of Work” contract
We do store
XO Pandora does store client third party account login information via secure browser password storage or Apple Inc. “keychain” access technology including, but not limited to; hosting accounts, domain registrar accounts, e-mail marketing accounts, Google Analytics accounts, Google Adwords accounts, Google Tag Manager, social media accounts (Facebook, Twitter, Instagram, YouTube, etc.), ticketing accounts (Eventbrite, etc), online booking accounts, team collaboration accounts, cloud storage accounts.
This information may be stored on one or all of the following XO Pandora staff devices; workstation/desktop computers, laptop computers, mobile devices.
We do not store
XO Pandora does not store or have access to client credit card or banking institution information of any kind. XO Pandora does have access to client third party vendor/supplier accounts that do store credit card information but all credit card or banking information within these accounts is privately stored except for the potential last four digits of their payment method on file.
XO Pandora does not store client passwords in regards to: client private e-mail accounts.
XO Pandora does not store personal information regarding any client staff, business operations or financial operations.
Data Breach Protocol
In the situation of a data breach, XO Pandora employs the following protocols:
- Immediately notify all affected parties by e-mail or phone
- If possible, delete or erase all data sources
- Change all account passwords
- Make all attempts to scramble and encrypt breached data
- Remove staff or contractors from account access
- Destroy compromised devices or hard drives
- Change all locks, keys and physical security systems in place
- Remedy all “breach points” with expert staff or contractors
- Work with proper authorities regarding loss of data and data breach or trespassing laws
Physical Security
XO Pandora workstations and desktop computer are secured by ADT secured and monitored premises with a digital security system. XO Pandora offices are also monitored by Nest security cams with 30 day recordings stored digitally in the cloud.
Security Policy / Protocol Review
XO Pandora reviews all security methods and protocols semi-annually (January, July). XO Pandora continually seeks out new security methods and protocols to ensure internal and client data security.
Last update May 25, 2018