Account Information & Access
- Data is only accessible to each user individually once they login via email address and password. No user data is directly published publicly anywhere on our site.
- Email addresses, full user names or company names are never published anywhere on our marketing site. Names used in comments are only published with client consent and always have last name abbreviated (only first letter of last name shows). Company names are never published (marketing material only references client industries).
- Any account can be permenantly deleted if requested. Permenant removal includes the PanXpan account and any data associated with it. Contact us at [email protected] for permanent account deletion.
- Any user account that doesn't login for a year will be deleted (email notification will be sent prior to this informing user).
- Entire PanXpan site is SSL encrypted using 256 bit encryption where data is transferred over the internet securely using TLS (Transport Layer Security). This makes it very difficult for unathorized people to view your information as it travels across the internet.
- We always keep the software up to date using the latest versions of frameworks and tools.
- Protected architecture: SQL injection and XSS injection protection.
- User data protection: Error messages don't include user information, user passwords are inaccessible to our team (hash only storage) and no credit card info is stored on our systems.
- All data at rest is stored using AES-256 encryption. So even if data is accessed by unathorized users, it is not usable/viewable unless they have decrpytion keys.
- Only a limited PanXpan backend development team is able to access user data. Each team member has individual accounts where activity is logged. Login requires password and IP address authentication.
- All data storage is managed by Microsoft Azure data centers: ISO27001 and SAS 70 Type II certifications for data center processes. Data is stored in southwest United States with world-class physical security. Learn more here.
- Routine penetration testing is conducted.