Your trust is important to us. That’s why Spotlight Software respects your privacy and takes great measures to protect the integrity of your company’s data.
Your account, identity and data remain private to you or your organization unless you choose to share them with others. (See User permissions for specifics on privacy and permissions within your team.)
Within the walls of Spotlight Software, access to servers and your data is controlled and limited. As with any other SaaS product, direct access to the servers is necessary to provide our service. Only a very small number of vetted and qualified systems engineers have this access. Most other employees are completely blocked off from server access, while certain engineers are given limited access to specific server functionality on an as-needed basis.
Spotlight Software has a zero-tolerance policy on the unauthorized access of the data within your Spotlight Software application.
Our client application communicates with the Spotlight Software servers through a secured connection protected by 256 bit encryption. This is the same level of security used for banking online.
Once a secured connection is made, additional steps are taken to ensure that all additional communication with the server is coming from the same client, protecting users from “clickjacking”.
Network security and firewalls
Spotlight Software servers are hosted on the Microsoft Azure Web Services (MAWS), allowing us to take advantage of additional industry-leading security measures provided by Microsoft. (you can view these measures here: http://azure.microsoft.com/en-us/support/trust-center/
All application and database servers are protected behind a firewall, in an Microsoft Azure Virtual Private Cloud, so your data is completely sealed off from outside intrusion. We also take advantage of database protection features such as regular backups and multi-zone failover to protect your data from loss.
Data inside of your Spotlight Software application is private to your team and those you invite into your application. Content can only be seen by the intended recipients, unless you choose to share it with other users.
At Spotlight Software, security is an active process. Our security policies and practices are evaluated and fortified on an on-going basis.
In addition to our own security and vulnerability testing, we welcome responsible feedback and insight from our customers. If you suspect an issue with Spotlight Software security practices, please contact us privately at security@SpotlightSoftware.com , and we will respond as quickly as we can.
Revised: November 7th, 2014