Let's See What's Possible

Security Practices and Policy

last updated Nov 2018

This policy outlines Infoplus Commerce’s security practices and resources. It also identifies your security obligations. It is incorporated by reference into the Infoplus Commerce Terms of Service.

Written Information Security Program
You may request a copy of the Infoplus Written Information Security Program (WISP) at any time by submitting a support site ticket.

Our Obligations
Without limiting any provision of the Infoplus Commerce Terms of Service, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.

Your Obligations
Our documentation may specify restrictions on how Applications may be built or configured. You agree to comply with any such restrictions as specified.

In addition, you are responsible for properly configuring and using the Services and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.

Infoplus Commerce access credentials and private keys generated by the Services are for your internal use only and you may not sell, transfer or sublicense them to any other entity or person, except that you may disclose your private key to your agents and subcontractors performing work on your behalf.

Pursuant to Section 2 of the Infoplus Commerce Terms of Service, you will not use the Services to create, receive, maintain, or transmit electronic protected health information, as defined in 45 C.F.R. § 160.103, without a Business Associate Agreement in place between you and Infoplus Commerce.

Reporting Security Vulnerabilities
If you have discovered a potential security vulnerability, please see our policy on Responsible Disclosure. Notify us by submitting a support site ticket. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue.