Effective Date: September 07, 2020
At miniOrange, we never compromise Security – We secure It Right!
2. miniOrange Roles and Responsibilities
3. Personal Data collection
This section applies to how miniOrange collects personal information in the following ways.
We collect the information about you
- When you create the account or you register with us such as Name, email address, contact information.
- When you contact our customer support we collect information such as name, email address and phone number to contact you back for resolving the queries. The Personal Information you provided is used for such purposes as answering questions, improving the content of the website, customizing the content, and communicating with the Visitors about miniOrange’s Services, including specials and new features. This information helps us to categorize the question, track potential problems and trends and customize our support responses to better serve you.
- We also collect your device specific information (e.g. mobile and desktop) from you in order to provide the Services. Device-specific information includes attributes (e.g. hardware model, operating system, web browser version, as well as unique device identifiers), connection information (e.g. name of your mobile operator or ISP, browser type, language and time zone, and mobile phone number); and device locations (e.g. internet protocol addresses and Wi-Fi). This information is particularly useful for providing you the services.
- We may receive your agreement details such as signature and payment details and use third party payment processing services to collect the payments. This information will include your billing address, billing name and credit card details, in order to receive payment for some products and services.
- We may use some third party services to improve our functionalities. These services may require cookies, sessions and metadata to be stored at some place. This type of data will allow us to understand what type of individuals are using our services, products and websites. We also have to collect the device data to understand the different types of users on different devices at different locations which will allow us to improve our website, products and services. These third party service providers are only used to collect some limited information to improvise our services, not to use or disclose for other purposes.
4. Security on Collected Data
miniOrange maintains and uses reasonable administrative, organizational, technical and physical safeguards to protect your information from loss, destruction, misuse, unauthorized access or disclosure as required by applicable law. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g. your users).
- miniOrange takes several steps to secure data. For all queries, retrievals, and bulk updates, the miniOrange service returns or updates only validated data. All miniOrange system responses to a request are subject to any access restrictions in place for that customer and their miniOrange registered users. This user/customer relationship is revalidated on every request to ensure that only authorized users within the customer’s sub-domain view the data.
- Our state-of-the-art encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers. miniOrange encrypted DB instances provide an additional layer of data protection by securing your data from unauthorized access to the underlying storage. We use Amazon RDS encryption to increase data protection of applications deployed in the cloud, and to fulfill compliance requirements for data-at-rest encryption.
- miniOrange uses Amazon KMS (key management service) to encrypt data symmetrically. This uses cryptographic keys for our applications and is a useful technique for data encryption. miniOrange uses different versions of RSA, DSA, TRIPLE-DES, AES and HMAC as required.
- All access to miniOrange uses the https protocol. Customers are assigned their own domains, sub-domains, and cookies.
- miniOrange uses strong encryption to secure sensitive customer data such as unique SAML keys that are created for authentication. We also store and encrypt credentials that users submit for secure browser applications (apps), configured within their SSO environment.
- miniOrange does not implement any proprietary encryption. Customer data encryption is performed at the application layer. The use of application level encryption protects sensitive data, even in the event of partial compromise.
- miniOrange encrypts the customer confidential data in the database. The encryption is performed using symmetric encryption 256-bit AES with exclusive keys. Customer exclusive symmetric keys ensure data segregation.
- Amazon Web Services (AWS) – provides the infrastructure that hosts miniOrange’s Identity-as-a-Service platform. AWS SOC 2 report is available here: https://aws.amazon.com/artifact/
- For more information on security practices: https://idp.miniorange.com/security-practices-at-miniorange/
5. Information collected on behalf of Customers using our Services.
miniOrange collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. miniOrange works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected. We collect information for our customers. If you are an employee of one of our customers and would no longer like to use miniOrange’s service, please contact your Employer directly. miniOrange may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/miniOrange’s Customer requests that miniOrange remove the data, we will respond to their request within 30 business days. miniOrange will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. miniOrange will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
6. Your choices on Information
In the above section, we described how we collect and use your data. Below we have described how you can opt-out and modify settings related to our processing of your personal data.
You can change your information at any time by editing your account, or by closing your account. You can also ask us for additional information we may have about your account. You have a right to (1) access, modify, correct, or delete your personal information controlled by miniOrange regarding your account, and (2) close your account. You can also contact us for any account information which is not readily accessible to you.
7. Changes in the Policy
If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:
Email us at: firstname.lastname@example.org
Or call us at: +1 978 658 9387
Or you can fill form with your question/concern: https://www.miniorange.com/contact