At Handheld Contact, we value your privacy and the security of your data, so we wanted to explain the nature of our services, the security measures we currently have in place, as well as some changes we’re making to further protect your data that will go into effect on May 15, 2018.
Here’s a quick summary:
- In preparation for upcoming changes to data protection laws in Europe, we added a feature to our service to limit the length of time sync log files are stored on our servers, and changed the default for everyone to zero.
- HHC Windows Console will support latest security protocol TLS1.2
CURRENT SECURITY MEASURES
- All Data in Handheld Contact on the devices is encrypted
- Information Handheld Contact transfers through the internet utilizes 2048 bit future proof SSL encryption. Every user requires a Handheld Contact account to securely link a user’s phone to the Act! database.
- Our wireless syncing server technology is a secure, central intermediary between the computer application and phone application. All data, new or modified, passes through the sync service and ensures that any changes made to data are efficiently synchronized.
- The HHC Server (Middleware) serves as a "synchronization gateway" rather than a hosting server. Synced data is deleted from our sync server once the customer’s phone and Act! database are updated, so no private customer data exist on our servers after this process is completed. Sync log files are now also deleted by default, but can be enabled by the user only for troubleshooting purposes.
- The HHC User Management Console (installed on the computer/server) needs the following information to work:
- A valid Act User account (Standard Security permission or higher) and a password
- An active Handheld Contact User account and Password
- Administrator credentials to the Act! database.
- Post Deployment security:
- Deleting all Act data from Handheld Contact can be initiated from the HHC Console
- Administrators can prohibit users from exporting data from their device.
HHC Secure Plus
For customers whose industries require additional security, Handheld Contact offers HHC Secure Plus, featuring unrivalled Hipaa compliant security enhancements:
- User Authentication: Some users protect their mobile device with a password while others may not. HHC Secure+ forces end-users to sign-in to Handheld Contact on their smartphone or tablet to use the mobile app so access is limited to authenticated Act! users.
- App Lock: With HHC Secure+ “App Lock”, the Handheld Contact mobile app on a user's smartphone or tablet can be configured to automatically lock—such as when the device goes into standby or after a specified time—requiring user authentication to unlock.
- App Disable: HHC Secure+ “App Disable” can be configured to disable the Handheld Contact mobile app after too many failed sign-in attempts, eliminating the risk of an unauthorized user guessing credentials and gaining access. Once App Lock has activated, access to Handheld Contact on the mobile device can only be restored by accessing the Handheld Contact computer application.
- Automatic Data Wipe: For absolute data protection, HHC Secure+ “Automatic Data Wipe” will destroy all local Act! data stored on the user's mobile device if an unauthorized user is unable to successfully sign-in to the Handheld Contact mobile app after too many failed attempts.
- Mobile Device Encryption: HHC Secure+ encrypts all local data stored on the user's smartphone or tablet preventing unauthorized access to locally stored Act! data if the device falls into the wrong hands. All data transferred through wireless syncing is also encrypted to keep Act! data safe on insecure Internet connections, such as a public Wi-Fi.
- Per-User Customization with HHC Secure+: Every user is unique, which is why HHC Secure+ features can be customized differently (or the same) for each user. All features are convenient to manage from the Handheld Contact computer application.
- Central Management: Securely manage all Handheld Contact users from the Handheld Contact computer application that is installed safely within your business network environment. All Handheld Contact and HHC Secure+ settings are customizable in one, central location.
- Safe Approach to Server Access: Installing the Handheld Contact computer application is required to enable mobile access and it securely handles all outside communication, minimizing risk. Other mobile services require specific technical skills and rely on complicated server configurations that open up access and may leave your network vulnerable.
Handheld Contact's top priority is to provide a highly secure, user-friendly service that helps our subscribers be more productive.
1.0 Information we collect
Handheld Contact collects several pieces of personal information required for user authentication, billing and security, including: credit card number, billing name and address, e-mail address, password, and phone number for occasional support and account verification purposes (credit card information is neither stored on Handheld Contact servers or used for future renewals).
2.0 How we use your information
We collect this subscriber information when a customer sets up an account (trial or paid) and when a customer purchases our services. We may use information we collect to operate and maintain our sites and services, send you marketing communications, respond to your questions and concerns and to help our partners improve their online offerings.
3.0 How we share your information
Handheld Contact will not rent or sell your personally identifiable information to others. Any personally identifiable information you elect to make publicly available on our sites or services, such as posting comments on our blog page, will be available to others.
4.0 Storage and processing
Customers who have paid for our service can log-in to the "My Account" section of our websites at any time to change or update their personal information. Customers can also view their My Account profile and make sure that their information has been updated.