Privacy Policy

Terms and Privacy Protocol

Terms and Conditions

RespondNow RSVP Platform and Mobile App is software, custom developed by Ideaworx (Pty) Ltd. All Intellectual Property associated with the software, code, graphics, format, and all associated features are copyrighted, and cannot be replicated or adjusted without express written permission, and remains the property of Ideaworx (Pty) Ltd.

No part, or all of any aspect of the software may be copied or distributed, without express permission from Ideaworx (Pty) Ltd, and Ideaworx (Pty) Ltd retains all rights and copyrights.

RespondNow has various Policies, Standards, Procedures and Guidelines in place, all related to specific aspects of the software, some relative to only certain clients and suppliers as per the individual customisation and specifications required for the software, per login.

More details available on signing of an SLA. 

Privacy Policy

Effective date: November 06, 2018

Ideaworx (Pty) Ltd, through its division, RespondNow (“us”, “we”, or “our”) operates the www.RespondNow.biz website, RSVP Platform (“RSVP”) and the RespondNow Mobile Application (“App”) (hereinafter referred to as the “Service”).

This policy informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Definitions

  • Service

Service means the www.RespondNow.biz website, RSVP Platform (“RSVP”) and the RespondNow Mobile Application (“App”) operated by RespondNow.

  • Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

  • Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • Cookies

Cookies are small files stored on your device (computer or mobile device).

  • Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

  • Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

We may use the services of various Service Providers in order to process your data more effectively.

  • Data Subject (or User)

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Any other Personal data you provide by completing and submitting the RSVP Form or logging into the App and sharing information
  • Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customise our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

Use of Data

RespondNow uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
  • On any instruction from our clients, who you have an existing relationship with, and have agreed to receive communications from

Legal Basis for Processing Personal Data 

Ideaworx (Pty) Ltd and RespondNow comply with the South African Protection of Personal Information Act 4 of 2013, the Electronic Communications and Transactions Act 25 of 2002 and the Promotion of Access to Information Act 2 of 2000.

If you are from the European Economic Area (EEA), RespondNow’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

RespondNow may process your Personal Data because:

  • We need to perform a contract with you or our client
  • You have given us permission to do so
  • The processing is in our legitimate interests and it is not overridden by your rights
  • To comply with the law

Retention of Data

RespondNow will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

RespondNow will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside South Africa and choose to provide information to us, please note that we transfer the data, including Personal Data, to South Africa and process it there.

Your consent to this Privacy Policy followed by your submission of such information through the RSVP Platform, or download of the App represents your agreement to that transfer.

RespondNow will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information. Measures include: unique login; end-to-end data encryption; SAN Security Certificate on the domain.

Data is only securely transferred electronically for backup and resilience purposes.

Disclosure of Data

Business Transaction

If RespondNow is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will however provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, RespondNow may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

RespondNow may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of RespondNow
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Data Protection Rights under Regulation

As a client you have certain data protection rights. RespondNow aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data, or those of your clients.

If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where RespondNow relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

Software development

Stack: We have a strong focus on open source technologies and mainly use PHP v7.3 as our server-side language. Our frontend stack consists of HTML5, CSS3 and various JavaScript libraries. We use MySQL database technology.

Coding Practices: We follow an Agile development methodology and use best practices and industry-standard secure coding guidelines to ensure security is always top of mind. External penetration testing providers are used to validate that we are secure.

Security Measures

Anti-virus

We host the website with xneelo, a recognised, approved and compliant service provider. xneelo’s security strategy is in line with ours, which is, where possible, to mitigate all risks and to monitor. All xneelo servers (which are Linux based) run Clam anti-virus which is updated as new virus definitions are released. Servers are scanned daily.

User passwords

All customer passwords are stored in a one-way encrypted format using md5.  xneelo is not able to retrieve any passwords. Due to the broad technology implementation across our hosting software and platform, we employ a number of different password hashing algorithms e.g. bcrypt, sha-512.  We implement industry standard practices for mitigating various password cracking methods e.g.:

  • Password salts to mitigate rainbow attacks
  • Multiple password hashing rounds (key stretching) to massively draw out brute force attacks
  • All Clients are supplied a unique Login and Password, which is changed annually, or as often as the Client requests a change. Logins have md5 encrypted password requests, with no hard coding – one-way encryption.

Mail security

SSL is used for SMTP protocols for email, resulting in data encryption between xneelo’s server and customers’ mail programmes. 

Website security

  • The web application is accessed from a browser, and does not make use of any commercial CMS, as it’s a Custom Build.
  • The website has a registered SAN Security Certificate through DigiCert, which is kept up to date, annually.
  • We use Git for version control.
  • The Platform automatically closes user sessions after a period of no more than 15 minutes of inactivity and requires a new login to access the Platform again. 
  • Cloudflare is installed as a second-tier firewall protection.

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics

  • Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

Email reporting and distribution

Everlytic 

Prefix Technologies (Pty) Ltd trading as Everlytic provides marketing automation software.

RespondNow has a Transactional Email Agreement with Everlytic, and Everlytic is integrated into RespondNow for the sole purpose of providing email distribution reporting. We use the Bulk Mail service from time to time, but only for certain Clients with very large databases, if requested.

Transactional emails are once-off, often private, emails sent to one or more recipients. Unlike regular emails, these are sent through the server with the purpose of ensuring the contents are secure while still generating a basic report. 

Transactional emails are sent using their API. These emails often carry sensitive information such as password resets and/or account information.

Nothing is stored from the message body or any attachments, only the recipient’s interaction data, (e.g. the email subject, the date sent, whether the email was opened/read, and any links clicked). This ensures a comprehensive report while keeping emails secure.

  • API

API is short for Application Program Interface. It is a set of routines, protocols, and tools for building software applications. In our particular case, we offer the routines and protocols which an API script will use to send an email.

Everlytic POPI Compliance & Security Policy

“In compliance with POPI, Everlytic has two roles and responsibilities:

• We are the responsible party regarding the client’s personal information: company details, staff / user details, such as email addresses, phone numbers, billing details, and other information used to do business.

• We are the service provider or operator regarding the personal information that the client uploads in the form of a database, distribution list, or the like.

1.1 Privacy Principles

As your service provider, stewardship of your data is critical to us and a responsibility that we embrace. We abide by the following principles when collecting, recording, storing, disseminating, and destroying personal information, and responding to government requests for our users’ data:

  • Choice and consent: We will not contact / solicit you unless you have given us your consent to do so.
  • Transparency: We let you know up front that we will be processing your data in fulfilment of your request.
  • Accountability and security: We take measures to ensure data is kept safe and prevent loss of, damage to, or unauthorised destruction of personal information, and unlawful access to or processing of personal information.
  • Access: We will give you access to any of your personal information that you request, unless the request is unlawful.

Client data is always treated as confidential and for the sole purpose of rendering services to you.

1.2 Compliance

Everlytic is compliant with the following:

  • Protection of Personal Information Act (POPI)
  • CPA Section 11
  • Electronic Communications Act of 2002 (ECT)”

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on the website.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on our website.

  1. Indemnification
  1. The Client shall:
    1. indemnify and keep indemnified the Supplier, its employees, agents, contractors, Network Operators, and information providers providing Services;
    2. indemnify the Supplier against all liabilities, claims, damages, losses and proceedings arising from or in any way connected with any breach of the Contract by the Client.
    3. from any claim brought by third parties alleging that the use of the Services by the Client or its customers has infringed any intellectual property or other right of any kind or any applicable international legislation.
  1. Confidentiality
  1. The Parties shall each keep and treat as confidential all of the Confidential Information of the other Party and shall not use or disclose any such Confidential Information except for the purpose of implementing the Contract in accordance with its terms and conditions and so far as may be required for the proper exercise of such party’s rights and the performance of its obligations under the Contract and shall procure that its employees, agents, subsidiaries, licensees and sub-contractors do likewise.
  1. the obligations under clause 11.1 shall not extend to any information or documentation which the party to whom the same is disclosed (“the recipient”) can demonstrate:
    1. is in the public domain or has ceased to be secret,
    2. is required to be disclosed pursuant to any Order of a Court of competent jurisdiction, but only for the purpose of such disclosure and to the extent required so to be disclosed;
    3. is required to be disclosed pursuant to any statute, laws, regulation or ordinance, but only for the purpose of such disclosure and to the extent required to be disclosed;
    4. has been disclosed to the recipient under an express written statement that it is not confidential. 
  1. Intellectual Property
  1. The copyright and all other proprietary rights whatever in all materials developed under the Contract in the course of providing, or in connection with, the Services shall remain vested in and be the absolute property of the Supplier unless otherwise mutually agreed to in Writing between the Supplier and the Client,
    1. The Supplier shall grant to the Client, a perpetual, non-exclusive, non-assignable licence to exploit the industrial or intellectual property rights owned by the Supplier.
    2. The Client shall have no power to grant any sub-license in respect of any licence granted by the Supplier.
    3. If the Services are to be supplied by the Supplier in accordance with a specification submitted by the Client; the Client shall indemnify the Supplier against all loss, damages, costs and expenses awarded against or incurred by the Supplier in connection with paid or agreed to be paid by the Supplier in settlement of any claim for infringement of any patent, copyright, design, trademark or other industrial or intellectual property rights of any other person which results from the Supplier’s use of the Client’s specification.
  1. The Client agrees with the Supplier throughout the duration of this Contract:
    1. not to cause or permit anything which may damage or endanger in any way any intellectual property of the Supplier or other third party which the Supplier relies to provide the Services including but not limited to; patents, know-how, registered or unregistered trademarks, design right, copyright (whether existing at the date of the Contract or at any time thereafter) in respect of the Services.
    2. not to cause, instruct, force or permit any person natural or juristic to re-engineer, reverse, decompile, disassemble all or any part of any software or other processing materials used by the Supplier in provision of the Services; and the use thereof restricted to the terms and Specifications outlined in the Order unless expressly stipulated otherwise in the Specifications,
    3. all data files remain the property of the Supplier.

RespondNow.biz, hosted on Xneelo

RespondNow RSVP Platform and Mobile App is software, custom developed by Ideaworx (Pty) Ltd. All Intellectual Property associated with the software, code, graphics, format, and all associated features are copyrighted, and cannot be replicated or adjusted without express written permission, and remains the property of Ideaworx (Pty) Ltd.

It is noted however that any Personal information or Data collected through the use of any RespondNow software, hosted with xneelo, is with express permission granted by our clients, for their use only, and will not be used for any other purposes. Ideaworx (Pty) Ltd and RespondNow comply with the Protection of Personal Information Act 4 of 2013, the Electronic Communications and Transactions Act 25 of 2002 and the Promotion of Access to Information Act 2 of 2000.

This document aims to provide information and reassurance regarding the appropriate technical and organisational measures we have in place to protect our customers’ data and intellectual property, and should be read in conjunction with our terms of service and privacy policy.

Hosting company: xneelo

xneelo hosts RespondNow.biz and all related Databases pertaining to client information – please refer to their Security Policy, Terms of Service and Privacy Policy below.

Physical security

Location

xneelo houses servers in data centres across three locations: Samrand (Gauteng), Cape Town and Germany. Colocation hosting is only offered in our Samrand facility.

The following applies specifically to our Samrand Data Centre, although similar standards and measures apply in our other data centre locations.

Our Data Centre Park in Samrand is our default hosting location. The facility is not in a direct flight path or low-lying area and is centrally located between Johannesburg and Pretoria with a major power substation close by. A geotechnical audit has been done to ensure ground stability.

Surveillance

The Samrand data centre uses 45 internal and external surveillance cameras, as well as 10 perimeter cameras, which are strategically placed and monitored around the clock to ensure that all servers remain off-limits to anyone without security clearance. High-voltage security fences and a 24/7 security presence help to deter any opportunistic crimes.

Access control

Customers, employees and contractors have varying levels of authorised access to different areas of our facility, controlled by high-tech biometric scanning systems, with 20 devices and pin-coded keypads.

Colocation customers have 24/7 unattended access to their POD and a unique pin to each of their racks.

Fire prevention

The facility is custom-designed for low fire risk, with a Very Early Smoke Detection Apparatus (VESDA) installed to trigger alarms at even the slightest hint of smoke particles. 

There are no flammable materials present in the ‘white space’ in the Data Centre and all cabling is fire-retardant. 

Power outages

An 11kV power supply from the municipal power utility energises a fault-tolerant, medium-voltage ring that powers two separate low-voltage 2MVA energy centres. These A- and B feeds power mission-critical infrastructure such as IT load, air conditioning, security systems and emergency lighting. They provide seamless electrical failover with their own emergency backup power systems in the event of a power failure.

We have on-site fuel storage sufficient to run our generators for 7 days continuously. Our UPSs provide always-on power, with battery standby time of 30 minutes.

Connectivity

The xneelo network is multi-homed with multiple uplinks per data centre via at least two Tier 1 upstream providers and peering partners. Should a network failure occur, traffic is automatically rerouted via alternate uplinks, significantly increasing our network resilience.

Connectivity is provided through diverse, redundant fibre routes connecting the facility to a 10Gbps fibre ring.

Network security

Network level security consists of three main components:

  • DDoS mitigation
  • VLAN reverse path forwarding protection
  • Juniper firewall rules at the network edge and core

DDoS mitigation

A DDoS detection and mitigation system is deployed in both the Cape Town and Samrand data-centres. DDoS attack traffic is diverted to a filter/scrubbing server that can distinguish between valid and malicious traffic. Malicious traffic is scrubbed off while valid traffic is re-injected into the network. The victim IP is not affected during the DDoS attack. DDoS detection and mitigation is fully automated and traffic diversion occurs automatically.

Small DDoS attacks are scrubbed locally in the data-centre by the mitigation system. For larger attacks, traffic is diverted to an international DDoS mitigation provider which then sends the clear traffic on to South Africa.

VLAN Reverse path forwarding protection

Reverse path forwarding protection is enabled for all VLANs in our data centres. This policy ensures that only the subnets allocated to a VLAN can generate traffic for that VLAN. This helps to mitigate two kinds of malicious traffic:

  • Source-spoofed traffic where a host is sending out traffic for subnets that do not belong to the VLAN.
  • Inter-VLAN subnet spoofing, where a host in one VLAN uses IP addresses from another VLAN using source-spoofing.

Juniper firewall rules

Firewall rules on the data centre network edge and at the core are used to protect the network in a number of ways:

  • Rate-limiting of certain protocols to protect the network infrastructure.
  • Blocking of certain protocols and destination IP addresses to protect xneelo operational systems.
  • Restricting access to certain hosts and protocols to defined lists of source addresses.
  • Blocking of abusive IP addresses and hosts.

Monitoring

All servers managed by xneelo are monitored 24/7 for all critical services and hardware health.  Our reactive system administrators react to monitoring alerts as they are identified and escalate issues to data centre staff or platform engineers.

Platform security

Servers

All servers used to provide our managed hosting service, both for shared web hosting and dedicated managed servers, are physical servers exclusively provisioned and managed by xneelo.

Our Self-managed servers are provisioned by xneelo, while the software is maintained by the customer.

Servers are designed to provide redundancy and reliability, including multi-core, multi-CPU systems, ECC (Error-Correcting Code) memory modules to detect and correct data corruption in real time and enterprise grade storage that includes hard disk and solid-state drives.

All data is stored on dedicated, robust RAID storage arrays providing data redundancy and integrity. 

Additionally, our TruServ Commerce range of Self-Managed servers include a Battery Backup Unit (BBU) which protects and maintains the data on RAID cards.

Security response policy

All relevant security advisories are evaluated weekly. We make use of Debian Linux and trust their security response (https://www.debian.org/security/) to all CVEs (https://cve.mitre.org).

Note: Debian is a slow-moving distribution, which means that versioning misinterpretation regarding security vulnerabilities may occur when looking at the output of a typical automated security scan. Debian don’t upgrade major versions for any releases once they move into the stable release phase, but they do apply security patches. Therefore, it may appear that the old stable release of Debian is running an insecure version of certain software packages e.g. OpenSSL (1.0.1t-1). However, once the Debian patch version is applied (1.0.1t-1+deb7u3), the vulnerability is addressed. This indicates the Debian maintainer’s ongoing commitment to patching security related issues on all supported versions of Debian.

We are committed to updating all software to the latest stable versions within 7 days of their release, and within 24 hours for critical software updates.

Remote access

Access to managed servers is limited by means of Linux firewall software. All managed servers make use of the same incoming firewall rules and we do not allow any deviation from the standard rulesets.

Backups

All xneelo Managed Servers (i.e. Web hosting and Managed Servers) are automatically backed up in the early hours of the morning. The backup includes all critical data required for disaster recovery.

Backups are made of the user’s home directory as well as databases. The user’s home directory will include site content, web logs and any mail that was on the server at the time that backup was completed.

Customers can restore up to the previous 2 weeks of backup data via the konsoleH control panel. Please note that xneelo does not guarantee backups. If you have critical data which you cannot afford to lose in the event of a disaster, keep a copy of your data locally (or at an alternate location) as well.

Logs (such as FTP, web server and mail logs) are normally kept for 60 days.

Due to the large scale of our Web hosting and Managed server hosting environment, our backup and restore process is effectively tested on a daily basis.

Software development

Stack: We have a strong focus on open source technologies and mainly use PHP and Ruby as our backend languages. Our frontend stack consists of HTML/HTML5, CSS/CSS3 and various JavaScript frameworks. We use varying database technologies including MySQL, MariaDB and Postgres. 

Coding Practices: We follow an Agile development methodology and use best practices and industry-standard secure coding guidelines to ensure security is always top of mind. External penetration testing providers are used to validate that we are secure.

Anti-virus

All servers (which are Linux-based) run Clam anti-virus which is updated as new virus definitions are released. Servers are scanned daily.

User passwords

All customer passwords are stored in a one-way encrypted format. xneelo is not able to retrieve any passwords. Due to the broad technology implementation across our hosting software and platform, we employ a number of different password hashing algorithms, e.g. bcrypt and SHA-512. We implement industry-standard practices for mitigating various password cracking methods, e.g.:

  • Password salts to mitigate rainbow table attacks
  • Multiple password hashing rounds (key stretching) to massively draw out brute-force attacks

Mail security

SSL is used for POP, IMAP and SMTP protocols for email, resulting in data encryption between our server and customers’ mail programmes. 

The use of strong passwords is enforced when creating or editing mailboxes via the mail admin tool.

The following measures are used to mitigate spam and malware:

  • Anti-virus and anti-spam scanning occurs on all inbound and outbound email.
  • Common malicious file extensions are blocked for both inbound and outbound email.
  • Known malicious IP addresses are blocked by our firewall for incoming email.

Data protection

Data protection includes security and is a related topic.

Payment Data Security

Credit / debit card purchases for xneelo services are processed by the third-party vendor, VCS. No credit / debit card information is submitted via our website or stored on any of our systems.

Banking details used for debit order instructions are secured by various authentication measures and system firewalls.

Other

Incident response

We have good incident response plans, procedures and practices in place that mean we respond to incidents or data breaches quickly and effectively. 

Trust and Safety team

Our dedicated team of Trust and Safety consultants monitor the hosting platform for any form of abuse, such as compromised websites and mailboxes, network abuse and phishing attacks, and take swift remedial steps. They also contribute towards adapting our systems to current trends in spam to ensure that our spam filtering service is effective.

Responsibilities 

While xneelo cares for the hosting infrastructure, including the network and servers, it is our customers’ responsibility to keep their data and hosting account secure.

  • Use secure passwords and store them safely
  • Ensure sufficient security for your web applications
  • Ensure that CMSs and plugins are always kept up-to-date

We remain committed to providing a reliable hosting service to businesses that are serious about uptime, 24/7 technical support, and are looking to benefit from evolving technologies.

Our Terms of Service

Our Terms of Service and Agreement (including xneelo’s Security statement as well as the privacy policy) and our Security and Privacy Protocol govern our relationship with our customers, sub-contractors and suppliers. By signing up for any Ideaworx (Pty) Ltd or RespondNow services, you agree to be bound by all our Terms of Service.

Please view it via these links for more information:

For more information contact – marcelle@ideaworx.co.za

Copyright © 2019 – RespondNow