Privacy Policy

LAST UPDATE: August 28, 2017

JourneyGuide, Inc. (“JourneyGuide”) is committed to protecting the information of those who register to use the JourneyGuide Service (“Users” or “You”) and their clients. This Privacy Policy describes JourneyGuide’s privacy practices regarding such information. Unless specifically defined, terms used throughout this policy have the same definitions as those given in the JourneyGuide’s Terms of Service.

Information we collect

We may collect the following categories of Personal Information, including but not limited to:

  • Registration information: When you register for the Service, you will be asked for basic registration information, such as an email address and password.
  • Identification information: You may also be asked to provide identification information including your first and last name, business name, address or location, and phone number.
  • Client information: You may input your client personal and financial information such as first and last name, gender, date of birth, marital status, employment status, income, expenses, savings, financial goals, assets, social security benefits, etc.
  • Payment account information: We receive the payment amount and the last four digits of your credit card number or other payment method from Square, the service you used to pay for the Services.  We do not receive any other information from Square.
  • Technical and navigational information: We collect information about your interaction with our Site such as computer browser type, pages visited, average time spent on our Site, IP address, unique identifier of the device, operating system version and app version.
  • Other information: We may request or receive other information such as feedback, questions, comments, suggestions, or ideas to provide you with other benefits or to improve upon the Service. In such instances, you will be given the opportunity to provide or decline providing such information.

How we use the information we collect

We use Personal Information to respond to your inquiries about our Services; analyze Site usage and improve the Services provided through the Sites; deliver to you any administrative notices or alerts and communications relevant to your use of the Services; offer you other products, programs, or services that we believe may be of interest to you; troubleshooting problems, analysis of user behavior, marketing and promotions; detect and protect against errors, fraud, or other criminal activity; and enforce our Terms of Service and as otherwise set forth in this Privacy Policy.

How we disclose Personal Information

We will not, without your permission, sell, publish, or share Personal Information to third parties for their marketing or other purposes, except that we reserve the right to share or disclose Personal Information (1) with regulatory, governmental or law enforcement authorities to respond to subpoenas, court orders, or legal process, (2) to investigate, prevent, defend against, or take other action regarding violations of our Terms of Service, illegal activities, suspected fraud, or situations involving potential threats to the legal rights or physical safety of any person or the security of our network, Sites or Services, (3) to respond to claims that any posting or other content violates the rights of third parties, (4) in an emergency, to protect the health and safety of our Sites’ users or the general public, or (5) as otherwise required by any applicable law.

We may share your Personal Information with our employees and third party service providers to enable them to assist in fulfilling the requests you make or the transactions you conduct via the Site, including the operation of certain Site functions and Services (e.g., our email service providers, and payment processors). Our employees and the third parties acting on our behalf that are given access to your Personal Information are contractually obligated to protect this information and only use it to provide their services.

We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online promotions or analyze Site activity. We may permit these service providers to use cookies and similar technologies to perform these services. For example, we may use service providers such as Google Analytics on parts of the Site to determine age, gender, interest and other data to better serve our customers.

How we use cookies and similar technologies

To help operate the Site, enhance your experience, and collect information about online activity, we may place small data files on your computer or other device. These data files may be in the form of cookies, pixel tags, local shared objects, or other similar technologies. Cookies and similar technologies enable us to personalize our Site and Service for you. These technologies may allow us to store and manage your preferences and settings, measure and analyze how you use our Site and effectiveness of our communications, offer targeted products, programs and services, and help us improve our products, services, and security.

You can generally accept or decline the use of cookies through a functionality built into your web browser. Please note that if you do elect to disable your web browser’s ability to accept cookies, you may not be able to access or take advantage of many features of the Site.

Do Not Track notice

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (DNT) mechanisms, we do not respond to any browser-based DNT signals.

Links to Other Websites

This Privacy Policy applies only to the Site. This Site may contain links to other web sites not operated or controlled by JourneyGuide (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from this Site do not imply that JourneyGuide endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

Protection of Personal Information

We have security practices and procedures in place to prevent unauthorized use or access to Personal Information.  Within JourneyGuide, Personal Information is only available to those individuals requiring access to service your account.  We follow generally accepted industry standards to protect the Personal Information submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is completely secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can email us at support@journeyguideplanning.com.  For more information about our security protocols, please see our Security Statement.

Changes to Personal Information

You may access, review, and update much of the information you have submitted to us at any time via the Site or Service.

You may choose to close or request that we delete your account for the Service at any time. We will use commercially reasonable efforts to remove your information, although some information may be retained. For example, some information may be retained on a backup server or media, which is necessary to help ensure continued availability of our Service.

We retain Personal Information as long as necessary to provide the services you have requested. Additionally, we may retain Personal Information to comply with law, prevent fraud, resolve disputes, trouble shoot problems, enforce our Terms of Use, and as permitted by applicable law.

Security Statement

LAST UPDATE: January 18, 2018

Data Centers

JourneyGuide’s physical infrastructure is hosted and managed within Microsoft’s secure data centers and utilizes Microsoft Azure technology. Microsoft’s data center operations have been accredited under:

(Image from Microsoft Trust Center)

For additional information see: Microsoft Trust Center

Infrastructure Protection

Physical Security

JourneyGuide utilizes Microsoft certified data centers in Azure located within the continental United States. 

Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run continuously and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.

For additional information see: Microsoft Azure Data Center Fact Sheet

Penetration Testing

Microsoft conducts regular penetration testing to improve Azure security controls and processes.

DDoS Protection

Azure has a defense system against Distributed Denial-of-Service (DDoS) attacks on Azure platform services. It uses standard detection and mitigation techniques. Azure’s DDoS defense system is designed to withstand attacks generated from outside and inside the platform.

Patch Management

JourneyGuide maintains a strict patch management procedure ensuring all systems are running the most current and stable software.  In addition to the penetration testing conducted by Microsoft, JourneyGuide conducts vulnerability scanning of systems to detect any deficiencies and remediate in a timely manner.

Firewalls

Firewalls are used to restrict access between JourneyGuide systems both internally and externally.  Only specified ports and services are opened allowing access, thus providing a secure connection.  Firewall configurations are reviewed annually to ensure optimal security standards are met.

Data Security

All data transmission between your computer and our servers is encrypted, using industry-standard HTTPS protocol. Additionally, all data with us is encrypted at rest using TDE.  

Our SSL certificate uses 2048-bit asymmetric and 256-bit symmetric encryption.

Backups

All databases are backed up daily and stored in a secure location.  In addition to database backups, we regularly take snapshots of servers hosting JourneyGuide.

Disaster Recovery

Utilizing Microsoft Azure Technology along with the rigorous backup strategy allows JourneyGuide to recover quickly in a disaster scenario.  Leveraging the Azure technology sets forth the ability to replicate and/or restore between various geographical datacenters.

PCI Security

JourneyGuide has no access to your credit card information.  Credit card processing is handled by a third-party provider that adheres to PCI Data Security Standard (PCI-SSS).

Modifications to our Privacy Policy and Security Statement

We change our privacy practices from time to time as the need arises. When we do, we will revise this Privacy Policy and/or Security Statement and post the revised policy or statement on our website.