Overall Security Safeguards
- All data is stored and processed ‘blind’ (e., each file is processed as a job number rather than by company name).
- All data we process is encrypted in transit and at rest.
- We have external third-party audits, penetration tests, and application security tests performed on an annual basis.
- We operate firewalls with built-in intrusion detection and data loss prevention.
- All our staff have passed background checks, receive routine security training, have signed Confidentiality Agreements, utilize unique system identifiers, and conform to a strict password policy.
- Code reviews and vulnerability scans are performed monthly.
- Operating systems and software are automatically patched daily and our antivirus and anti-malware signatures are updated hourly.
We offer multiple ways to transfer your data to us securely, and your results are returned through the same secure channels. Our Client Portal and API utilize HTTPS, meaning the communication is encrypted with a 2048-bit SSL certificate (TLS 1.2). You can transmit your file via PGP encryption to your company’s dedicated account on our secure FTPS.
We backup all data locally and replicate a copy to an encrypted storage vault via an encrypted connection within Microsoft Azure. This storage vault is in the Microsoft Data Center in Illinois.
We maintain a record of all processing activity. All data is available to clients through their Client Portal or by request. We have the ability to help all clients validate, update, or remove data for any user that has requested them to do so.
By default, we destroy all data 30 days after the completion of services.
Additionally, our Real-Time service supports the option for immediate anonymization of all logs. This sanitization is enabled by default for all EU-based clients and can be configured within the Client Portal for any other client.
Lastly, we have the ability to suppress any user data on a client or global level. Any email address that appears on a suppression list will be flagged for removal.
If you have any questions or you’d like more detail on any of the above, please do not hesitate to contact the FreshAddress List Processing Team either via email or at 617.965.4500 x 222.
GDPR Data Processing Addendum
For customers who are sending data to FreshAddress for processing and need to be compliant with GDPR please download, sign, and return a copy of our GDPR DPA here. Return a signed copy to firstname.lastname@example.org or fax to 617.965.4551.
CCPA Data Processing Addendum
For customers who are sending data to FreshAddress for processing and need to be compliant with CCPA please download, sign, and return a copy of our CCPA DPA here. Return a signed copy to email@example.com or fax to 617.965.4551.
SOC 2 Report
Please see the full SOC 2 Type 2 Report for FreshAddress here.