Security

Data Security & Business Resiliency Statement

Last updated or reviewed: 6/25

We value the trust you place in us as custodians of your data. We take our responsibility to protect and secure your information and our business data seriously.

In the interest of transparency, this overview outlines how we safeguard data through our security and resiliency practices. For more detailed information on our data practices, please refer to our Terms of Service and Privacy Policy.

Physical Security

Propared’s technical infrastructure is hosted by Microsoft Azure. Physical security controls at our data centers include 24×7 monitoring, cameras, visitor logs, and entry requirements.

Encryption

Your data is encrypted in transit and at rest.

Backups and Resiliency

Your data is stored redundantly and backed up regularly.

Our servers automatically store multiple copies across independent sub-systems and multiple locations. Point-in-time restore backups occur automatically and are retained for 35 days.

Data is automatically replicated to geographically dispersed regions in multiple data centers.

Additional redundancy and resiliency are built into the application architecture, including (but not limited to) dynamic routing of traffic to avoid network congestion, application load balancing, and automatic failover.

Access & Password Controls

Our internal password policy requires strong, complex passwords and enforces access based on the principle of least privilege. Permissions are regularly revoked immediately upon employee termination.

Propared users are required to use strong passwords (minimum 16 characters). We no longer enforce scheduled password changes unless there is a reason to suspect compromise, in line with current security best practices.

PCI-DSS Compliance

Propared partners with a reputable third-party Credit Card Processor that is certified under the Payment Card Industry’s Data Security Standards (PCI-DSS Level 1), the highest standard for payment security. Sensitive payment data is encrypted in transit and at rest, with encryption keys rotated regularly or generated daily in accordance with industry best practices. You can read more about our payment processors here and here.

Security Policies

Propared maintains its information security policies and reviews them annually to ensure ongoing compliance with evolving legal, regulatory, and business requirements.

All employees are required to review and acknowledge these policies each year as a condition of continued access to company systems and data.

Personnel

Propared communicates its information security policies to all personnel and requires all employees to sign non-disclosure agreements as a condition of employment. Background checks are conducted during the hiring process for designated critical roles, subject to applicable laws and local jurisdictional requirements.

All staff are also required to complete security awareness training at least annually, with more frequent reinforcement strongly recommended to promote ongoing vigilance around data protection and confidentiality.

Vulnerability Management

Propared was intentionally built on a platform-as-a-service (PaaS) infrastructure to support patching and software updates for underlying servers and systems. This architecture helps ensure consistent protection against known security threats and system vulnerabilities. Regular monitoring and validation activities are performed to confirm that automated controls are correctly configured, active, and effective, as part of our broader vulnerability management strategy.

Development

Our development team follows secure coding practices aligned with industry standards. Developers receive formal training in secure web application development and data protection principles.

Development, testing and production environments are logically separated to prevent unauthorized access or data leakage.

All code changes are peer reviewed, version-controlled, and logged to support performance monitoring, auditing, and forensic investigation. Rollback procedures are in place to enable rapid remediation if needed.

Data Retention

We retain personal data only as long as necessary for the purposes it was collected and delete or de-identify it when no longer needed.

Legal Compliance

Our data handling practices comply with applicable data protection laws, including the GDPR and U.S. state privacy laws. For more information, please refer to our Privacy Policy.

International Transfers

When transferring personal data across borders, including outside the European Economic Area or the UK, we apply appropriate safeguards in accordance with applicable data protection laws. These may include Standard Contractual Clauses, adequacy decisions, or other approved mechanisms.

Data Subject Rights

Individuals may request access to, correction or deletion of, or a copy of their personal data by contacting [email protected]. We will respond to such requests in accordance with applicable data protection laws and regulations.

Propared does not sell or share personal data and does not use it for consumer profiling or targeted advertising.

Children’s Data

Propared does not knowingly collect or process personal data from children under the age of 13 (or 16 in applicable jurisdictions). If we become aware that such data has been collected inadvertently, we will take steps to delete it promptly in compliance with applicable law.

Incident Management & Response

Propared maintains incident response policies and procedures covering the initial response, investigation, customer notification, public communication, and remediation. These policies are reviewed regularly and updated as necessary following any incidents.

Breach Notification

While Propared implements robust security measures, no method of transmission over the internet or method of electronic storage can be 100% secure.

In the event of a security breach, Propared will notify affected users without undue delay, consistent with applicable data protection laws, industry rules or standards applicable to us and contractual obligations.

Your Responsibilities

Protecting your data is a shared responsibility. We encourage all users to maintain strong account security by using complex, unique passwords and storing them securely, preferably in a password manager.

Users should also ensure that their personal devices are protected with appropriate security measures, such as up-to-date software, firewalls and antivirus tools. Never share your login credentials with others.

Customers are responsible for ensuring that all personal data entered into our platform is collected and submitted in compliance with applicable privacy laws and with proper consent from the individuals involved.

________________________________

Want to know more?

If you have any other security-related questions, please reach out to us at [email protected] or [email protected]