Version 2.0, January 2022
This policy outlines Infoplus Commerce's security practices and resources. It also identifies your security obligations. It is incorporated by reference into the Infoplus Commerce Terms of Service.
You may request a copy of the Infoplus Written Information Security Program (WISP) at any time by submitting a support site ticket.
Without limiting any provision of the Infoplus Commerce Terms of Service, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access, or disclosure.
Our documentation may specify restrictions on how Applications may be built or configured. You agree to comply with any such restrictions as specified.
In addition, you are responsible for properly configuring and using the Services and taking your own steps to maintain appropriate security, protection, and backup of your Content, which may include the use of encryption technology to protect your content from unauthorized access and routine archiving of your content.
Infoplus Commerce access credentials and private keys generated by the Services are for your internal use only and you may not sell, transfer or sublicense them to any other entity or person, except that you may disclose your private key to your agents and subcontractors performing work on your behalf.
Pursuant to Section 2 of the Infoplus Commerce Terms of Service, you will not use the Services to create, receive, maintain, or transmit electronically protected health information, as defined in 45 C.F.R. § 160.103, without a “Business Associate Agreement” in place between you and Infoplus Commerce.
If you have discovered a potential security vulnerability, please see our policy on Responsible Disclosure. We strongly prefer that you notify us in private via email at admin@infopluscommerce.com. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue.
We may change these Security Practices and Policies from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Security and Practices Policy and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the login screen or sending you an email notification). Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.
If you have questions regarding your obligations under these Security Practices and Policy, please email us at admin@infopluscommerce.com.
