The objective of this document is to highlight the safeguards put in place by MindTickle to prevent unauthorized access and loss of data.
MindTickle is committed to achieving and maintaining the trust of our customers.
Integral to this mission is providing a robust security and privacy program that carefully considers data protection matters across our suite of services, including data submitted by customers to our services.
1.1 Application Settings and Global Controls
MindTickle platform leverages multiple level security features to control user access.
- Domain Validation: Configurable to allow access to specific domains only.
- Email Validation: Configurable to allow access to only specific emails IDs within a domain.
- Closed loop verification: Activation emails for verification of email IDs.
1.2 Platform Security
MindTickle platform has a multi-layer architecture, and each layer is secured behind a data center firewall. Further, each layer has a unique security group and access policy defining the cross layer access and access from the outside world. This enhanced level of security is achieved by the following two features.
- Security Group: Sophisticated control is defined and practiced using this feature.
- Identity Access Management (IAM): The role based control of system/application/content is defined. Even end users have short lived federated credentials to access the contents.
1.3 Comprehensive Reporting and Audit Trails
MindTickle provides a comprehensive reporting and tracking mechanism to track all interactions with MindTickle data.
The MindTickle administrative dashboard gives training administrators a detailed view of user activity at an individual level. On request, a comprehensive audit trail of nearly every action or activity that occurs within MindTickle can be provided.
2.Data Privacy and Confidentiality
2.1 Content Security – Storage and Delivery
MindTickle employs industry best practices for data encryption for storage and delivery.
- AES-256 Encryption: After the transfer with SSL, content rests with 256-bit AES encryption.
- Federated Credentials: For a logged-in session, short-lived credentials are generated and used to sign every piece of content. For additional security, the signature is designed to expire after certain duration. The process is auto-repeatable to provide smooth user experience to the logged-in user.
- HTTPS Support: Application is throughout delivered on SSL.
- Secure Download & Streaming: Federated credentials are used to allow downloading. Further, DRM feature AES-128 encryption is used for video streaming.
2.2 Data Center Security and Availability
MindTickle’s cloud solution is hosted on AWS (Amazon Web Services) and is distributed across multiple zones. The IT infrastructure of AWS provides best security practices and variety of IT security standards. AWS is the most secure, advanced and trusted cloud infrastructure currently available in the market. Organizations such as SAP, SalesForce.com use AWS.
The security specification and certifications of AWS are as follows:
- Certifications: SOC1/SSAE 16/ ISAE 3402, SOC2, ISO27001 and others.
- A white paper on the security can be found here.
- With consistent point-in time backup, and auto-scale provide close to 99% availability.
2.3 Return of Customer Data
MindTickle provides the option for its customers to request an export of the corresponding customer specific data. In the event of a customer terminating the contract with MindTickle, a request can be made within 30 days of such termination. MindTickle will make available to such customer a facility for exporting user submitted text for performance summaries, feedback, recognition, and goals in an industry standard file format.
2.4 Deletion of Customer Data
After contract termination, Customer Data submitted to the MindTickle Services is retained in inactive status within the MindTickle Services for 180 days and a transition period of up to 30 days, after which it is securely overwritten or deleted. This process is subject to applicable legal requirements.
Without limiting the ability for customers to request return of their Customer Data submitted to the MindTickle Services, MindTickle reserves the right to reduce the number of days it retains such data after contract termination. MindTickle will update the ”Data Privacy and Platform Security Document” Specification in the event of such a change.
What we collect
We typically collect the following information:
- Email Address
- Department (Optional)
- Location (Optional)
- Interests (Optional)
- Other information relevant to training surveys. (Optional)
What we do with the information we gather
We require email address to grant access to the application. Other information is collected to enhance user experience by leveraging the social features of the application. The information also helps in providing a holistic report to the training administrator. User feedback is continuously accessed for validation and training improvement purposes.
We will never sell your information.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable procedures and technology to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. MindTickle platform stores only a few parameters in the cookies:
- ‘Remember me’ flag
- Flags to identify user visits to certain content.
All this information can’t be inferred without communicating with the server. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Links to other websites
Our application may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We Do Not Share Information with Third Parties
The information we collect is used to improve the quality of our service, and is not shared with or sold to other organizations for commercial purposes. That being said, your information could be shared under the following two limited circumstances.
In the event that we are acquired or a change of control of the company occurs (as part of a merger, divestiture or dissolution), we reserve the right, in any of these circumstances, to transfer or assign the information that we have collected from users as part of that merger, acquisition, sale or other change of control event.
We may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law or comply with legal process served on us or affiliated parties; (b) protect and defend our rights and property, our platform, the users of our platform, and/or our affiliated parties; (c) act under circumstances to protect the safety of users of our platform, us, or third parties.
If it becomes necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
Important!: The following types of sensitive personal data may not be submitted to the MindTickle Services: government-issued identification numbers; financial information (such as credit or debit card numbers, any related security codes or passwords, and bank account numbers); information related to an individual’s physical or mental health; and information related to the provision or payment of health care.
For clarity, the foregoing restrictions do not apply to financial information provided to MindTickle for the purposes of checking the financial qualifications of, and collecting payments from, its customers, the processing of which is governed by MindTickle’s online privacy statement.