Privacy Policy

Effective Date: September 07, 2020

1. Introduction

At miniOrange, we never compromise Security – We secure It Right!

Our primary goal is to have a secure connection between people and technology. miniOrange believes in creating products and services that are secure, resilient and assured. This privacy policy will let you know all the security policies and measures taken to protect the personally Identifiable Information. We have implemented various security guards to protect all personal information in accordance with industry standards.

2. miniOrange Roles and Responsibilities

Please note that this privacy policy is applied to our customers/clients/partners who are using miniOrange Products to provide Cloud and In house based Solutions. These solutions will particularly require your personal information to provide you with appropriate security. 

Each of our customers is aware of the information they provide to miniOrange they have a control and rights to restrict miniOrange about the use of personal information. This content will include information such as first name, last name, phone number, email address, department you work or any such information that the customer chooses to submit.  miniOrange processes this data as a Service provider and when a customer chooses to process this information. miniOrange will not be responsible for the privacy of the customer personal information that is not described in this privacy policy.

3. Personal Data collection 

This section applies to how miniOrange collects personal information in the following ways.

We collect the information about you 

  1. When you create the account or you register with us such as Name, email address, contact information. 
  2. When you contact our customer support we collect information such as name, email address and phone number to contact you back for resolving the queries. The Personal Information you provided is used for such purposes as answering questions, improving the content of the website, customizing the content, and communicating with the Visitors about miniOrange’s Services, including specials and new features. This information helps us to categorize the question, track potential problems and trends and customize our support responses to better serve you.
  3. We also collect your device specific information (e.g. mobile and desktop) from you in order to provide the Services. Device-specific information includes attributes (e.g. hardware model, operating system, web browser version, as well as unique device identifiers), connection information (e.g. name of your mobile operator or ISP, browser type, language and time zone, and mobile phone number); and device locations (e.g. internet protocol addresses and Wi-Fi). This information is particularly useful for providing you the services.
  4. We may receive your agreement details such as signature and payment details and use third party payment processing services to collect the payments. This information will include your billing address, billing name and credit card details, in order to receive payment for some products and services. 
  5. We may use some third party services to improve our functionalities. These services may require cookies, sessions and metadata to be stored at some place. This type of data will allow us to understand what type of individuals are using our services, products and websites. We also have to collect the device data to understand the different types of users on different devices at different locations which will allow us to improve our website, products and services. These third party service providers are only used to collect some limited information to improvise our services, not to use or disclose for other purposes.

 

4. Security on Collected Data

miniOrange maintains and uses reasonable administrative, organizational, technical and physical safeguards to protect your information from loss, destruction, misuse, unauthorized access or disclosure as required by applicable law. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g. your users).

Security Practices

  1. miniOrange takes several steps to secure data. For all queries, retrievals, and bulk updates, the miniOrange service returns or updates only validated data. All miniOrange system responses to a request are subject to any access restrictions in place for that customer and their miniOrange registered users. This user/customer relationship is revalidated on every request to ensure that only authorized users within the customer’s sub-domain view the data.
  2. Our state-of-the-art encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers. miniOrange encrypted DB instances provide an additional layer of data protection by securing your data from unauthorized access to the underlying storage. We use Amazon RDS encryption to increase data protection of applications deployed in the cloud, and to fulfill compliance requirements for data-at-rest encryption.
  3. miniOrange uses Amazon KMS (key management service) to encrypt data symmetrically. This uses cryptographic keys for our applications and is a useful technique for data encryption. miniOrange uses different versions of RSA, DSA, TRIPLE-DES, AES and HMAC as required.
  4. All access to miniOrange uses the https protocol. Customers are assigned their own domains, sub-domains, and cookies.
  5. miniOrange uses strong encryption to secure sensitive customer data such as unique SAML keys that are created for authentication. We also store and encrypt credentials that users submit for secure browser applications (apps), configured within their SSO environment.
  6. miniOrange does not implement any proprietary encryption. Customer data encryption is performed at the application layer. The use of application level encryption protects sensitive data, even in the event of partial compromise.
  7. miniOrange encrypts the customer confidential data in the database. The encryption is performed using symmetric encryption 256-bit AES with exclusive keys. Customer exclusive symmetric keys ensure data segregation.
  8. Amazon Web Services (AWS) – provides the infrastructure that hosts miniOrange’s Identity-as-a-Service platform. AWS SOC 2 report is available here: https://aws.amazon.com/artifact/
  9. For more information on security practices: https://idp.miniorange.com/security-practices-at-miniorange/

 

5. Information collected on behalf of Customers using our Services.

miniOrange collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. miniOrange works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected. We collect information for our customers. If you are an employee of one of our customers and would no longer like to use miniOrange’s service, please contact your Employer directly. miniOrange may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/miniOrange’s Customer requests that miniOrange remove the data, we will respond to their request within 30 business days. miniOrange will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. miniOrange will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

6. Your choices on Information

In the above section, we described how we collect and use your data. Below we have described how you can opt-out and modify settings related to our processing of your personal data.

You can change your information at any time by editing your account, or by closing your account. You can also ask us for additional information we may have about your account. You have a right to (1) access, modify, correct, or delete your personal information controlled by miniOrange regarding your account, and (2) close your account. You can also contact us for any account information which is not readily accessible to you. 

7. Changes in the Policy

We will notify you when we change this Privacy Policy. We may change this Privacy Policy from time to time. If we make significant changes in the way we treat your personal information, or to the Privacy Policy, we will provide notice by posting an announcement on the Website or sending an email prior to the change becoming effective. 

8. Contact

If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email us at: info@xecurify.com

Or call us at:  +1 978 658 9387

Or you can fill form with your question/concern: https://www.miniorange.com/contact