Last Updated: April 27, 2016
Validas Values Your Privacy
Frequently Asked Questions
- How have you instituted audit trails to know who is accessing data within your organization?Logging is enabled on all the servers to provide a trail of who accesses the server and what was done while the user accessed the server.
- How will you know who is accessing data outside of your organization?All logins to all servers and our databases are logged. All database transactions are also logged within the database. Only Validas support personnel have access to the server(s) that host the Validas Database.
- What is your password methodology and how will you ensure and verify your customers if their password is lost?Passwords must be at least 6 characters in length. No passwords are stored in any manner and any request for password retrieval will be sent to the email address that the user signed up with.
- Will you use multi-factor authentication, email, password, answering questions?We only use email and password for authentication.
- What security mechanisms will cover transmission within and outside your organization to third parties? And the data at rest on your server and the servers of your partners?Firewalls are in place at multiple levels within our solution and are utilized to secure external traffic from reaching servers that host user data. We utilize an SSL certificate from GoDaddy that requires a minimum of 128 bit encryption between our servers and any external servers to secure the transmission of data to/from third parties.
- How will access to sensitive data be revoked if employees change jobs?If a user that has access to any server in our solution changes jobs, the user’s login to any of our servers are removed the same day the employee leaves Validas. All other accounts that remain and have access to any of our servers and our databases will be required to change their passwords that same day to ensure no other logins are compromised.
- What restrictions are in place to control the merging of the sensitive data with unprotected data?We consider all our data sensitive and take every precaution to avoid displaying that data unless it is the user that requests their data. We currently do not have a process in place to control the merging of data other than what requirements the user has to view the data and what we are willing to store/display to the user. We use industry standard HTTPS for all web pages and APIs that contain or transmit potentially sensitive data.
- What mechanism is in place that allows customers to access their information in order to verify that the data is accurate?We provide a user settings page that allows a user to validate and change some of their personal information. We do not provide a way to edit any data that we obtain from a user’s wireless phone bill.
- How will the information from your customers be received? How will it be protected in transit?The data will be protected using an SSL certificate from GoDaddy for secure communication between the client’s computer or mobile device and Validas’ servers.
- Will it be encrypted?Yes, the entire upload transaction will be encrypted with a minimum of 128 bit encryption and the date base and file store servers are encrypted as well.
- How will it be protected when it is on your website or in your mobile application?The user’s data is saved to a secure, encrypted, geo-redundant blob store. Only the computer account that runs the website, the mobile application, and certain employees that need to have access to the information have access to the blob store. All other users are denied access.
- What collected customer information will be moving intra-departmentally or intra-personally or through to outsourced organizations?Validas will not be moving personally identifiable information outside of Validas. Certain employees and groups within Validas have access to all data obtained by Validas and utilize this data to create business intelligence reports for use within Validas and outside of Validas. When information is shared outside of Validas all personally identifiable information is removed.
- Who in your organization will have access to the sensitive information?Only certain employees that need to have access to the information will have access to the customer information that Validas collects. These employees include but are not limited to C-level executives and members of the Validas engineering team.
- Will there be audit trails of accesses to a customer’s wireless billing data and other data?Yes. Audit trails of access to a customer’s wireless bill data will be stored in a database and indicate who accessed the data and on what date and time.
- Exactly what information will be moving from Validas to third parties? (Merchant accounts?)Validas from time to time will create business intelligence reports that incorporate data that is collected via analyzing our user’s wireless bills. However, any information that is shared outside of Validas has all personally identifiable information removed before it is shared.
Who Will Be Collecting Information?
- Under what circumstances will you be collecting information?We collect information when a user uploads their bill, when signing up for our service, when paying for our service, when a user opts to provide additional feedback about our website/services we provide, and when a user opts to provide their email address for notifications. We also collect information to provide users specific marketing according to data retrieved from your bill. We also collect industry standard web usage information including, but not limited to, IP addresses, user-agents, geo-locations, and browser cookie information.
- Exactly what information do you need to execute your service?We collect information from the user’s bill to validate the user’s bill and provide recommendations for potential savings.
- Will you be collecting information that you don’t need to perform the services?The information we collect that we do not need to perform the Services include customer feedback, customer posted stories/blogs entries, and wireless bills of carriers that we don’t service yet (opt in).
- How is each class of data going to be used?All data collected will be utilized by Validas in a manner that Validas deems necessary. Validas will never disclose personally identifiable information when using the data, unless specifically approved by a user.
- Will you be deleting the billing and usage data after the bill is uploaded?No. By uploading your bill, you give Validas the right to use your billing and usage data for maintaining and enhancing any current or future Validas products.
- What organizations will you share or transfer customer information, i.e. Merchant accounts, credit card processors?We will be sharing customer credit card information and the customers billing address with our credit card processors as appropriate.
- How will you accept payment?We will accept payment via Visa, MasterCard, and AMEX.
- What choices are available to your customers regarding the control of collection, use and distribution of their personal information?We do not allow the user any control. The user must opt-in for our service and by doing so they consent to the collection of any data we need to provide our service.
- How will you guarantee that the information that your customers provide to you for the purpose of credit card transactions for your service or the Validas billing statement only be used for the purpose for which it was collected?Validas will never share a client’s credit card information or use it in a manner that is outside of charging the user for the purpose of utilizing the Services.
- Will you guarantee that customer information will be protected if another company purchases Validas?Validas cannot guarantee that customer information will be protected if Validas is purchased by another company due to the purchasing companies potential policies that may be in place at the time of purchase of Validas. That being said, Validas will follow this entire policy while Validas owns itself.
Expanded Privacy Policies
Collection and Use of Your Information
VALIDAS collects information from our website users, subscribers, mobile app users and other customers. In this section of our Privacy Statement, we describe the type of information we collect and how we use it to provide better services to our customers.
Registration and Ordering
When signing up for the Services you will be asked to register. During registration, you will be required to give contact information (e-mail address and password). For internal purposes, we use this information to communicate with you and provide the Services. We use such information to improve the Services.
For the Services that require payment (products and subscriptions), we also collect credit card information (such as account name, number, address, expiration date and the security code on your credit card), which is used for our or our agent’s billing purposes only, and is not ever otherwise shared except for processing with our bank.
We currently do not have a referral program.
If users wish to subscribe to our e-mail newsletters, we ask for contact information (such as name, e-mail address). We use this information in the same manner as we use contact information in the registration and ordering process described above. Recipients of our newsletters can unsubscribe using the instructions listed at the end of the e-mail newsletter.
From time to time we invite Site users and other customers to provide information via surveys or contests. Participation in these surveys or contests is completely voluntary and the website user, mobile app user or other customer therefore has a choice whether to disclose requested contact information (such as name and mailing address).In addition to the other uses set forth in this policy, contact information collected in connection with surveys and contests is used to notify the winners and award prizes and to monitor or improve the use of, and satisfaction with our website or products or service. Subject to your preferences (as described in the “Permission” section below), such information may be shared with third party sponsors of such surveys or contests.
At some of our sites, we offer interactive and community features such as discussion boards. Please note that all personal information sent or posted via such features becomes public information. We are not responsible for what is posted however we reserve the right to delete any offensive, hurtful, or objectionable postings when we are made aware of such discussions.
Communications with Us
We have features where our customers can submit information to us (such as our feedback forms). Where such submissions include requests for service, support or information, we may forward them to our agents, as needed, to best respond to the specific request. In addition, we may retain e-mails and other information sent to us for our internal administrative purposes to help us to serve you and others better. Please note that letters to the editor and blogging may be made public.
Communications from Us: Service Updates, Special Offers
In order to best serve you, our customer, we may send updates that contain important information about our products and services. For example, we send new members a welcoming message, and verify password and username for our password-protected portions of the Sites. We may also communicate with a customer to provide the Services and for account-related issues via e-mail, phone or regular mail. In addition to such service and product-essential messages, we offer our customers the option to receive information about our company, related products, services and special deals. Users, however, can choose not to receive these communications from us, as set forth in the “Permission” section below.
With Whom Your Information is Shared
We do not actively share personal information with third-party advertisers for their direct marketing purposes, unless you give us your consent. We may share (i) aggregated information (information about you and other users collectively, but not specifically identifiable to you); (ii) anonymous information; and (iii) certain technical information (including IP Addresses and mobile device IDs) to develop and deliver targeted advertising in for the Services and on the websites of third parties.
We may also allow advertisers to collect these types of information within the Services and they may share it with us. Advertisers may collect this information through the use of tracking technologies like browser cookies and web beacons. The information collected may be used to offer you targeted ad-selection and delivery in order to personalize your user experience by ensuring that advertisements for products and services you see will appeal to you, a practice known as behavioral advertising, and to undertake web and mobile analytics (i.e., to analyze traffic and other end user activity to improve your experience).
We may disclose aggregated and anonymous information to describe the Sites and the Services to prospective partners, advertisers and other third parties, and for other lawful purposes. We may use aggregate, non-personally identifiable information for our own internal promotion or marketing purposes and we may share such aggregate non-personally identifiable information with others for marketing purposes.
Our Sites and the Services may contain advertisements from companies other than us that may link to their own websites. We are not responsible for the privacy practices or the content of such websites. If you have any questions about how these other websites use your information, you should review their policies and contact them directly.
We reserve the right to use and disclose non-personal information (in the form collected) to third parties, including, inter alia, potential and actual advertisers, sponsors, business partners, investors, affiliates and consultants, at our sole discretion.
If our company is merged or sold or if entities purchase our assets, products, sites or operations, they will have to use personal information. They will be subject to our privacy policies by agreement. If they choose to change the policies, they will need to provide notice to you in their own Privacy Policies. We will disclose information we maintain when we have a good faith belief that we are required to do so by law, for example, in response to a court order or a subpoena or other legal obligation, in response to a law enforcement agency’s request, or in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our company or the rights or property of our valued customers.
In the event that Validas undergoes a business transition, such as a merger, acquisition by another company, change of control, or sale of all or a portion of its assets, we may transfer all of your information, including personal information, to the successor organization in such transition.
You should also be aware that courts of equity, such as U.S. Bankruptcy Courts, might have the authority under certain circumstances to permit personal information to be shared or transferred to third parties without permission.
For those customers that are California residents, you may have additional rights, as described in the “Your California Privacy Rights” section below.Please note that we will endeavor to implement your permission requests within a reasonable time, although for a time you may continue to receive mailings, etc., transmitted based on information released prior to the implementation of your request. In addition, please note that even after such request is implemented, you will continue to receive information directly related to the product or service for which you registered (or which you otherwise agreed to receive), so you always are kept informed.
Your California Privacy Rights
We do not share personal information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure. California Civil Code Section § 1798.83 permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you do ask us to share your personal information with a third party for its marketing purposes, we will only share information in connection with that specific promotion, as we do not share information with any third party (other than our service providers) on a continual basis. To prevent disclosure of your personal information for use in direct marketing by a third party, do not opt in to such use when you provide personal information on our Site.
To make a Section § 1798.83 request, write us at:Validas9119 Hwy 6 SouthSuite 230 Box 130Missouri City, Texas 77459
We use commercially reasonable precautions to protect information about our customers while it is stored on our servers or in transit to our vendors processing on our behalf. Sensitive information that is transmitted to us online (such as credit card number) is encrypted and is transmitted to us securely. In addition, access to all of our customers’ information, not just the sensitive information mentioned above, is restricted. Only employees who need the information to perform a specific job (for example, a billing clerk or a customer service representative) are granted access to personally identifiable information. Finally, the servers on which we store personally identifiable information are kept in a secure environment.
The Sites contain links to other sites. Validas is not responsible for the privacy practices or content of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each of the Sites to which we may link that may collect personally identifiable information.
When you make purchases on our website or click-through our advertisements offered on third party websites, we may share personal information with the businesses with which we partner to offer you the applicable products, services or advertisements. When you elect to engage in a particular merchant's offer or program, you authorize us to provide your email address and other information to that merchant.
No one under age 18 may provide any personal information to or on the Sites or the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not provide any personal information on the Sites or the Services or on or through any of its features/register on the Sites or the Services, make any purchases through the Sites or the Services, use any of the interactive or public comment features of the Sites or the Services or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.
Notification and Changes