Effective on: February 1, 2019

Weave Marketing Intelligence is committed to providing best-in-class marketing services, software, tools, reporting, automation, and platforms with intelligence “weaved-in” for reaching your audience.  In support of this commitment, Weave Marketing Intelligence has developed information security risk management policies to reasonably ensure the confidentiality, integrity, and availability of Your Data that You upload to the Weave Marketing Intelligence Service.  This Data Security Statement (the “Statement”) describes some of the security controls that Weave Marketing Intelligence has implemented pursuant to those policies.  This Statement applies to the Weave Marketing Intelligence Service but not necessarily to the other related services provided by Weave Marketing Intelligence or to our publicly accessible websites.

Capitalized terms used in this Statement but not defined herein shall have the meaning given to them in the Weave Marketing Intelligence Subscription Use Agreement.

Audits and Certifications

Weave Marketing Intelligence has completed and/or maintains the following data protection audits and certifications:

PCI DSS

Weave Marketing Intelligence’s designated card processor has completed a PCI DSS level-one onsite assessment and was validated by SecurityMetrics against the Payment Card Industry Data Security Standards.  A Certificate of Compliance has been issued and is available to anyone upon request.  Please contact legal@malletmarketing.com to request this documentation.

Infrastructure

Some of the infrastructure that Weave Marketing Intelligence uses to host Your Data is owned and controlled by Weave Marketing Intelligence and the remaining portions of the infrastructure are provided by carefully selected third party service providers.

In some cases Your Data that You submit to the Weave Marketing Intelligence Service is stored in a primary data center and is replicated in near-real-time to a secondary data center.  The secondary data center is provisioned with sufficient computational, network, and storage resources to replace the functionality of the primary data center, and restore the Weave Marketing Intelligence Service if required.

The secondary data center is geographically remote from the primary data centers.

Vendor Risk Management

In cases where Weave Marketing Intelligence engages third party colocation service providers and infrastructure service providers (the “Data Center Providers”), Weave Marketing Intelligence ensures that those Data Center Providers have recently completed a Service Organization Controls (SOC) 2 Type II audit.  Additionally, those third parties are contractually obligated to maintain the confidentiality of Your Data to the fullest extent allowed by applicable law.

Physical Security Controls

  • Access to the Data Center Providers’ data center facilities is restricted to authorized personnel only.
  • The Data Center Providers’ data center facilities are secured by professional security guards.
  • A physical access control system (ID card and/or biometric) has been implemented at entry and exit points of the Data Center Providers’ data center facilities.
  • All visitors must be escorted by an employee of the Data Center Providers or, in some cases, a permanent badge-holder at all times when visiting the Data Center Providers’ data center facilities.

Availability and Disaster Resistance

  • The Data Center Providers’ data center facilities are designed, built, and maintained to withstand reasonably foreseeable adverse weather and other natural conditions.
  • Processing capacity is monitored on a daily basis.
  • The Data Center Providers have installed and maintain at least the following environmental protections:
    • Cooling systems
    • Battery-powered backup electrical supply and/or backup electrical generators
    • Redundant communications lines
    • Smoke/fire detectors
    • Automatic fire suppression systems
  • The status of environmental protections is continuously monitored by the Data Center Providers.
  • Environmental protections are tested and maintained regularly by the Data Center Providers.

Weave Marketing Intelligence’s Data Security Controls

Technical Security Controls

Weave Marketing Intelligence maintains at least the following technical security controls and policies:

  • Weave Marketing Intelligence-authored and extended or third-party software applications and IT systems have been vetted, they are regularly scanned/monitored for vulnerabilities.
  • External points of connectivity in the Weave Marketing Intelligence application architecture are protected by firewall(s).
  • Extended Network and database activity is logged and actively monitored for potential security events including intrusion.
  • Weave Marketing Intelligence user passwords are stored in a one-way hash.

Administrative Security Controls

Weave Marketing Intelligence maintains at least the following administrative security controls and policies:

  • Physical and logical access to IT systems that process Your Data is limited to those officially authorized persons with an identified need for such access.
  • 2FA, two factor authentication is the primary and preferred methodology for login credential user integrity, and is leveraged whenever available and appropriate, not limited to internal, external, partner, and client access

Data Protection Director Weave Marketing Intelligence has appointed a data protection director. You may contact Weave Marketing Intelligence’s data protection director by email at jack@malletmarketing.com.

© 2019 Mallet Marketing LLC.  Any rights not expressly granted herein are reserved by Weave Marketing Intelligence.