Trust : Security

Application Security and Data Security

  • What information is collected by LeadFormix?
    • LeadFormix DOES NOT collect sensitive or private information such as logins, passwords, and credit card information.
    • LeadFormix collects the following types of information:
      • Referring website and search terms used by the visitor to arrive at the website
      • Pages visited by the visitor and anchor text clicked on by the visitor
      • Contact Us forms filled by the visitor
      • IP address of the visitor
  • Is the contact information uploaded by the customer into LeadFormix kept private?
    • Yes. LeadFormix does not sell or make available customer contact information or contact information stored in LeadFormix to third parties. LeadFormix is similar to an email application such as Lotus Notes or Microsoft Outlook which allows our customers to manage contact information and lead information. This information is private.
    • LeadFormix employee access to customer accounts is restricted to Technical Operations and Customer Services staff on a need-to-know basis to troubleshoot or remediate customer-reported issues.
  • What is the password policy for the LeadFormix application?
    • When a new user is signed in, the application randomly assigns a new password.
    • On receiving it, the user can change it by logging in to the application.
    • The password guidelines permit the user to create a password with a minimum of six alphabetic characters, one numeric character, and one special character.
    • Passwords created are never transmitted or stored in their original form, so third parties cannot compromise them. Additionally, in those cases where LeadFormix allows linking to third-party on-demand systems, customer authentication information to those systems is stored in encrypted form, with the encryption keys stored separately and in an access-limited way.
  • How is customer data protected from unauthorized access?
    • All data access is gated through Authentication and Authorization checks.
    • User authentication is performed using a username and password combination. Authorization is checked using ACLs (Access Control Lists) implemented in the backend servers. The LeadFormix service is built upon a scalable multi-tenant SaaS (Software as a Service) model.

Physical Security

  • Where do LeadFormix servers and database reside?
    • LeadFormix servers and database are hosted in a SAS 70 Type II compliant data center at the Navisite facilities in San Jose, CA.
  • Please describe the data center facilities with a focus on security and availability
    • State-of-the-art SAS 70 compliant data center for uninterrupted services and highest levels of security
    • Exceeding seismic zone 4 standards, the 25,000 sq. ft. San Jose data center uses best-of-breed equipment, technologies, and infrastructure experts. LeadFormix servers are housed in one private, secure rack in the data center.
    • The data center has been designed for security, resiliency and redundancy, and includes features such as dual utility power feeds, redundant UPS systems and generators that can maintain the data center in the event of power loss. State-of-the-art fire detection systems are deployed, and the power and cooling environment is highly redundant (HVAC and UPS are N+1 redundant).
  • Please elaborate on the monitoring in place at the data center
    • 7x24x365 Monitoring by two redundant NOCs (Andover and India)
    • Regular facilities monitoring for all critical electrical components, environmental systems, and security
    • Extensive array of technology agnostic monitoring tools to ensure high availability and reliability
    • Management portal to view both event and performance data
  • What on-site security measures are in place?
    • 7x24x365 on-site security personnel and digital surveillance
    • Offices and common areas isolated from the data center
    • Biometric palm scanners at entrances to data center
    • Card access control at all interior and exterior doors
    • Dual authentication at every entry to the data center
  • Are the LeadFormix servers protected against malicious access?
    • Access to the LeadFormix site is strictly monitored (only named employees who have undergone security checks), with 7x24x365 interior and exterior surveillance, and two-factor authentication including hand geometry biometric scanners. Access privileges to the data center are terminated upon employee termination. All equipment assets are inventoried and inspected on entry and exit.
    • Only specific IP addresses are allowed access over the network into the data center. This access control is enforced using our load balancer and firewall.
    • Network access is controlled using a firewall. All inbound traffic is routed through the firewall. A second firewall is in place for automatic failover.

Network Security

  • Is LeadFormix secured against Web attacks?
    • The LeadFormix application is protected against multiple forms of web security attacks, including XSS, CSRF and SQL injection, through methods including IP-binding for each user session. LeadFormix is committed to working with its customers and partners to continually improve threat detection and prevention.
  • Does LeadFormix authenticate all transactions?
    • LeadFormix encrypts all communications between the customer and its data center using AES 256-bit SSL and Thawte site certificates. Access to LeadFormix.com is through secure sessions (HTTPS) and only after authenticating a customer with a login and password.