LAST UPDATE: August 28, 2017
Information we collect
We may collect the following categories of Personal Information, including but not limited to:
- Registration information: When you register for the Service, you will be asked for basic registration information, such as an email address and password.
- Identification information: You may also be asked to provide identification information including your first and last name, business name, address or location, and phone number.
- Client information: You may input your client personal and financial information such as first and last name, gender, date of birth, marital status, employment status, income, expenses, savings, financial goals, assets, social security benefits, etc.
- Payment account information: We receive the payment amount and the last four digits of your credit card number or other payment method from Square, the service you used to pay for the Services. We do not receive any other information from Square.
- Technical and navigational information: We collect information about your interaction with our Site such as computer browser type, pages visited, average time spent on our Site, IP address, unique identifier of the device, operating system version and app version.
- Other information: We may request or receive other information such as feedback, questions, comments, suggestions, or ideas to provide you with other benefits or to improve upon the Service. In such instances, you will be given the opportunity to provide or decline providing such information.
How we use the information we collect
How we disclose Personal Information
We will not, without your permission, sell, publish, or share Personal Information to third parties for their marketing or other purposes, except that we reserve the right to share or disclose Personal Information (1) with regulatory, governmental or law enforcement authorities to respond to subpoenas, court orders, or legal process, (2) to investigate, prevent, defend against, or take other action regarding violations of our Terms of Service, illegal activities, suspected fraud, or situations involving potential threats to the legal rights or physical safety of any person or the security of our network, Sites or Services, (3) to respond to claims that any posting or other content violates the rights of third parties, (4) in an emergency, to protect the health and safety of our Sites’ users or the general public, or (5) as otherwise required by any applicable law.
We may share your Personal Information with our employees and third party service providers to enable them to assist in fulfilling the requests you make or the transactions you conduct via the Site, including the operation of certain Site functions and Services (e.g., our email service providers, and payment processors). Our employees and the third parties acting on our behalf that are given access to your Personal Information are contractually obligated to protect this information and only use it to provide their services.
To help operate the Site, enhance your experience, and collect information about online activity, we may place small data files on your computer or other device. These data files may be in the form of cookies, pixel tags, local shared objects, or other similar technologies. Cookies and similar technologies enable us to personalize our Site and Service for you. These technologies may allow us to store and manage your preferences and settings, measure and analyze how you use our Site and effectiveness of our communications, offer targeted products, programs and services, and help us improve our products, services, and security.
Do Not Track notice
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (DNT) mechanisms, we do not respond to any browser-based DNT signals.
Links to Other Websites
Protection of Personal Information
We have security practices and procedures in place to prevent unauthorized use or access to Personal Information. Within JourneyGuide, Personal Information is only available to those individuals requiring access to service your account. We follow generally accepted industry standards to protect the Personal Information submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is completely secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can email us at firstname.lastname@example.org. For more information about our security protocols, please see our Security Statement.
Changes to Personal Information
You may access, review, and update much of the information you have submitted to us at any time via the Site or Service.
You may choose to close or request that we delete your account for the Service at any time. We will use commercially reasonable efforts to remove your information, although some information may be retained. For example, some information may be retained on a backup server or media, which is necessary to help ensure continued availability of our Service.
LAST UPDATE: January 18, 2018
JourneyGuide’s physical infrastructure is hosted and managed within Microsoft’s secure data centers and utilizes Microsoft Azure technology. Microsoft’s data center operations have been accredited under:
(Image from Microsoft Trust Center)
For additional information see: Microsoft Trust Center
JourneyGuide utilizes Microsoft certified data centers in Azure located within the continental United States.
Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is designed to run continuously and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These datacenters comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.
For additional information see: Microsoft Azure Data Center Fact Sheet
Microsoft conducts regular penetration testing to improve Azure security controls and processes.
Azure has a defense system against Distributed Denial-of-Service (DDoS) attacks on Azure platform services. It uses standard detection and mitigation techniques. Azure’s DDoS defense system is designed to withstand attacks generated from outside and inside the platform.
JourneyGuide maintains a strict patch management procedure ensuring all systems are running the most current and stable software. In addition to the penetration testing conducted by Microsoft, JourneyGuide conducts vulnerability scanning of systems to detect any deficiencies and remediate in a timely manner.
Firewalls are used to restrict access between JourneyGuide systems both internally and externally. Only specified ports and services are opened allowing access, thus providing a secure connection. Firewall configurations are reviewed annually to ensure optimal security standards are met.
All data transmission between your computer and our servers is encrypted, using industry-standard HTTPS protocol. Additionally, all data with us is encrypted at rest using TDE.
Our SSL certificate uses 2048-bit asymmetric and 256-bit symmetric encryption.
All databases are backed up daily and stored in a secure location. In addition to database backups, we regularly take snapshots of servers hosting JourneyGuide.
Utilizing Microsoft Azure Technology along with the rigorous backup strategy allows JourneyGuide to recover quickly in a disaster scenario. Leveraging the Azure technology sets forth the ability to replicate and/or restore between various geographical datacenters.
JourneyGuide has no access to your credit card information. Credit card processing is handled by a third-party provider that adheres to PCI Data Security Standard (PCI-SSS).