Security Policy.


Security is the primary goal at LiveEnsure.

LiveEnsure adheres to industry-standard security practices and methodologies.
LiveEnsure network and servers are secured and monitored with full redundancy and failover.
LiveEnsure software and services are developed using industry-standard security best practices.
LiveEnsure employees behave in accordance with industry security policies to ensure data safety.


Physical and Network Security.

All sensitive data is encrypted when stored on disk, in the cloud or transmitted over public networks.
Standard, well-respected cryptographic protocols like SSL are used when transferring data.
Security updates and patches are installed as soon as available and tested.
Application security settings and devices are configured by policy ensure appropriate levels of protection.
LiveEnsure cloud, site, portal and API are accessible via SSL certificates issued by NetworkSolutions.
LiveEnsure networks and environments are protected by VPN, firewalls and restrictive security policies.


Corporate Security Policy.

All access to data, including application data and encryption keys, is strictly controlled on a privileged basis.
Multi-factor authentication and strong password controls are required for administrative access to systems.
Security systems, networks, protocols and processes are tested and verified on a regular basis.
All access to secure services and data is strictly logged, reviewed and archived for 5 years.
Detailed incident response plans have been prepared to ensure proper protection of data in an emergency.


Disclosure.

We recognize the important contributions that our users, customers, partners and the security community can make. We want to encourage responsible reporting of problems with our service. If you believe you have discovered a problem with our service, please contact us.

LiveEnsure will respond to all reasonable reports of potential security problems, usually within 24 hours. Security is critical to us. By reporting problems to us in a responsible manner you enable us to address issues and protect our users in a timely fashion. We realize that legitimate and well-intentioned researchers are often blamed for the problems they discover. In the spirit of responsible reporting practices, we pledge to not bring legal action against researchers in response to a disclosure, provided they:

  • Immediately disclose the full details of any problems found with us through a private channel.
  • Do not disclose the issue publicly until we have had a reasonable amount of time to address it.
  • Do not intentionally harm the experience or usefulness of the service to others.
  • Never attempt to view, modify, extract or affect data belonging to others.
  • Do not seek compensation or reward for the report from anyone.

This covenant is intended to balance the protections and guarantees necessary to encourage responsible disclosure against our own requirements and responsibilities for data security. It is not an invitation to test the security of our service without authorization. If you have any questions about this, or have any doubts about whether your tests are appropriate, please
contact us before proceeding.