Legal / Security Practices and Policy
InfoPlus Security Practices and Policy
Version 2.0, January 2022
This policy outlines Infoplus Commerce's security practices and resources. It also identifies your security obligations. It is incorporated by reference into the Infoplus Commerce Terms of Service.
Written Information Security Program
You may request a copy of the Infoplus Written Information Security Program (WISP) at any time by submitting a support site ticket.
Our Obligations
Without limiting any provision of the Infoplus Commerce Terms of Service, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access, or disclosure.
Your Obligations
Our documentation may specify restrictions on how Applications may be built or configured. You agree to comply with any such restrictions as specified.
In addition, you are responsible for properly configuring and using the Services and taking your own steps to maintain appropriate security, protection, and backup of your Content, which may include the use of encryption technology to protect your content from unauthorized access and routine archiving of your content.
Infoplus Commerce access credentials and private keys generated by the Services are for your internal use only and you may not sell, transfer or sublicense them to any other entity or person, except that you may disclose your private key to your agents and subcontractors performing work on your behalf.
Pursuant to Section 2 of the Infoplus Commerce Terms of Service, you will not use the Services to create, receive, maintain, or transmit electronically protected health information, as defined in 45 C.F.R. § 160.103, without a “Business Associate Agreement” in place between you and Infoplus Commerce.
Reporting Security Vulnerabilities
If you have discovered a potential security vulnerability, please see our policy on Responsible Disclosure. We strongly prefer that you notify us in private via email at admin@infopluscommerce.com. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue.
Changes to this Security Practices and Policy
We may change these Security Practices and Policies from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Security and Practices Policy and, in some cases, where appropriate we may provide you with additional notice (such as adding a statement to the login screen or sending you an email notification). Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.
Contact Information
If you have questions regarding your obligations under this Policy, please email us at admin@infopluscommerce.com.