Privacy Policy
Privacy Policy
Our Privacy Policy is designed to help you understand what information we collect and how we use and share that information. If you are a visitor to an Ablio Website or a customer of an Ablio Service or a provider of services to Ablio, then except as expressly set forth below, this Privacy Policy applies to your use of such Website or Service.
As used in this Privacy Policy, “Ablio” “us” and “we” refers to Ablio S.r.l. and its affiliates, including without limitation Ablio LLC. The “Websites” means Ablio’s websites (including without limitation www.ablio.com, www.ablioconference.com, www.ablio.it, www.wificonference.com and any successor URLS, mobile or localized versions and related domains and subdomains), and the “Services” means Ablio’s interpreting services and products, applications and services, in each case in whatever format they may be offered now or in the future. The Websites and Services are collectively referred to herein as the “Offerings.”
This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with us (for example, by attending our events), unless a different policy is displayed.
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
1. What information we collect about you
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Registration and Contact Information. We collect information about you when you register to use the Services and otherwise provide contact information to us via email, mail, or through our Offerings. This information you provide may include your username, first and last name, email address, mailing address or phone number.
Payment Information. When you purchase the Services, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information. We describe how Payment Information may be collected and processed in Chapter 4.
Technical, Usage and Location Information. We automatically collect information on how you interact with the Offerings, such as the IP address from which you access the Offerings, date and time, information about your browser, operating system and computer or device, the type, size and filenames of attachments you upload, the Services pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device in order to approximate your location to provide you with a better Service experience. We use cookies and similar technologies to collect some of this information.
Session recordings. All your conversation and sessions handled within our Services by our interpreters are recorded. We describe how the Session Recordings are collected and processed in Chapter 5.
Information you provide through our support channel. The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Third Party Platforms. We may collect information about you and your activities when you interact with our advertisements and other content on third-party sites or platforms, such as social networking sites.
Other Information. We may collect other information from you that is not specifically listed here. Other users of our Services may provide information about you when they submit content through the Services. For example, an administrator may provide your contact information when they designate you as the billing or technical contact on your company's account; if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you. We will use any such information in accordance with this Privacy Policy or as otherwise permitted by you.
Cookies and Other Tracking Technologies. Ablio and our third-party partners, such as our providers of customer support tools, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to collect some of the above described information. recognize you across different Services and devices. We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. It's also important to note that we do not allow third party behavioral tracking. For more information, please see our Cookie Policy.
2. How we use information we collect
We use your information in the following ways:
- To provide, maintain and improve the Offerings and our other products and services, including to operate certain features and functionality of the Offerings (for example, by remembering your information so that you will not have to re-enter it during this or subsequent visits)
- To process your inquiries and otherwise deliver customer service
- To process your payments, we share and use Payment Information as described in Chapter 4 (Payment Information);
- To control unauthorized use or abuse of the Offerings and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal
- To analyze trends, administer or optimize the Offerings, monitor usage or traffic patterns (including to track users’ movements around the Offerings) and gather demographic information about our user base as a whole
- To communicate directly with you, including by sending you newsletters, promotions and special offers or information about new products and services. Your opt-out options for promotional communications are described in Chapter 7 (How to access and control your information)
- To manage operation connected to your status of service provider
- To deliver you advertising, including by serving and managing ads on the Offerings or on third party sites and to tailor ads based on your interests and browsing history. Please see Chapter 7 (How to access and control your information) for additional information on how to manage the ads you see
- To satisfy a legitimate interest from us (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests
- In the manner described to you at the time of collection or as otherwise described in this Privacy Policy
- With your consent: we use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
3. How we share information we collect with Third Parties
We do not sell or trade your personal information to third parties.
We share your personal information with our website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential and therefore adhere to this Privacy Policy, in the following limited circumstances:
- The information strictly related to the execution of your service request is shared with our interpreter appointed to the task, such as your name, your telephone number, the telephone numbers of your counterparts in the call. Our interpreters may be independent contractors of our companies, therefore for the purpose of this Privacy Policy they may be considered as “third parties”. The protections of this privacy policy apply to the information we share in these circumstances: all our interpreters are bound to maintain strict confidentiality about your information and any information discussed during their interpreting sessions. For more information, please see our Standards of Practice.
- We may share your personal information with third-party service providers (“processors”) to permit such parties to provide services that help us with our business activities, which may include assisting us with the marketing, advertising our product/service offerings, or providing, maintaining and improving the features and functionality of the Offerings, among other things. For example, we may provide personal information to our service providers for direct emailing of our newsletters or notifications of our product/service offerings (such as MailChimp), for handling several customer relationship functionalities like instant chatting (such as Intercom), for handling our cloud telecommunications (such as Twilio). These third-party service providers are just data or meta-data processors of the information and the protections of this Privacy Policy apply to the information we share in these circumstances, as also described in such providers own Privacy Policies (for MailChimp: mailchimp.com/legal/privacy. For Intercom: www.intercom.com/terms-and-policies#privacy; for Twilio: www.twilio.com/legal/privacy/developer).
- We may share your personal information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or enforceable governmental request, enforce a Customer Agreement, including investigation of potential violations thereof, or protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law.
- We may share your personal information with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues.
- We may share your personal information with our business partners who offer a service to you jointly with us: for example a service partner which will integrate its onsite services with our online solutions
- We may share your Payment Information to process your payments, as further described in Chapter 4 (Payment Information);
- We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets.
- We may share your personal information with a third party if we have your consent to do so.
4. Payment Information
When you make a purchase on the Offerings, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Stripe through their Stripe Checkout service. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here: stripe.com/us/checkout/legal.
5. Session Recordings
When an interpreting service session is held by you on the Offerings, it is recorded and stored on our secure servers for the following thirty days before being automatically deleted. During such period from the service dashboard of our Offerings you have the possibility to re-listen to it, download it on your own personal devices or immediately delete it.
6. How we store and secure information we collect
We use data hosting service providers in the United States and Germany to host the information we collect, and we use technical measures to secure your data.
The security of your personal information is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your personal information. We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect personal information about you. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. For more information, please see our Security Policy.
7. How to access and control your information
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format.
Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: for example, your billings and invoices related to the purchases you did so far cannot be deleted since we need to keep records of transactions for administration and tax compliant purposes for a certain number of years.
- Access and update your information. Our Offerings give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and search for content containing information about you.
- Deactivate your account. If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account by sending a request by email at support@ablio.com.
- Delete your account and your information. You can ask us to delete your account and your related information by sending a request by email at support@ablio.com. By doing so we’ll not be anymore able to provide certain features of the Offerings to you.
- Communication Preferences. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included on such communications. Please note, however, that you may be unable to opt-out of certain service-related communications.
- Blocking Cookies. You can remove or block certain cookies using the settings in your browser but the Offerings may cease to function properly if you do so. For more information, please see our Cookie Policy.
- Data portability. Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Should you request it by sending a request by email at support@ablio.com, we will provide you with an electronic file of your information.
If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
8. How we transfer information we collect internationally
We may from time to time transfer your personal information to other countries and make it accessible to our parents, subsidiaries, affiliates and third party service providers internationally. We will protect your personal information in accordance with this Privacy Policy wherever it is processed.
9. Other important privacy information
Notice to End Users
Many of our Offerings are intended for use by organizations. Where the Offerings are made available to you through an organization (e.g. your employer), that organization is the administrator of the Offerings and is responsible for the accounts over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations
In some cases, administrators can also:
- restrict, suspend or terminate your account access;
- change the email address associated with your account;
- change your information, including profile information;
- restrict your ability to edit, restrict, modify or delete information.
Please contact your organization or refer to your administrator’s organizational policies for more information.
Our policy towards children
The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.
Data protection officer
Our appointed Data Protection Officer is mr. Piergiorgio Fiandanese, who can be reached at giorgio.fiandanese [at] ablio.com email address.
Changes to our Privacy Policy
We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s), as outlined above.
10. Contact Us
Your information is controlled by Ablio S.r.l. and Ablio LLC. If you have questions or concerns about how your information is handled, please direct your inquiry to support@ablio.com or using the information below.
2385 NW Executive Center Dr
Boca Raton, FL 33431
United States
+1 805-601-8224+1 805-601-8224
About privacy rules and regulations
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.
Being a global provider of interpreting services and solutions, our Privacy Policy has been created in order to comply with the rules and regulations on the matter set by different governing bodies across the world. The following is a selected list of the most important ones, accompanied by a short description of our related commitments.
General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) has replaced the Data Protection Directive 95/46/EC and has been designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. See more at: www.eugdpr.org/
According to GDPR we are committed to comply to the following:
- Consent. Obtaining the consent of our users’ data to store and use them can no longer be passive with pre-selected opt-in boxes. Under GDPR, we are required to actively obtain their consent and explain how their data will be used.
- Breach Notification. We must notify both users and data protection authorities within 72 hours of discovering a security breach.
- Access. We must be ready to provide digital copies of private records if our users ask to know what personal data of theirs is collected, where it is stored, and what it is being used for.
- Right to be Forgotten. Under the new regulations, users can ask us at any time to delete their personal data and ask that their data no longer be shared with third party companies.
- Data Portability. The new law states that individuals are able to transmit their data from one data controller to another. Simply put, we should be prepared to provide data to them in a commonly used digital format if it is requested.
- Privacy by Design. We are now be required to have data security built in to our products and processes from the start, specifically in the technology that is used to gather and manage attendee data.
- Data Protection Officers (DPO). For companies that monitor large amounts of data or deal with data relating to criminal convictions, they will be required to have a DPO who is in charge of GDPR compliance enforcement.
California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf.
According to CalOPPA we are committed to comply the following:
- Users can visit our site anonymously.
- We will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
- Our Privacy Policy link includes the word 'Privacy', and can be easily be found on the page specified above.
- Users will be notified of any privacy policy changes on our Privacy Policy Page.
- Users are able to change their personal information by logging in to their account.
HIPAA
HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by U.S. Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.
We are committed to follow required policies and procedures to ensure compliance with all applicable HIPAA Privacy and Security Standards, handling as private and confidential all individual health care information (Protected Health Information): our interpreters and staff involved in service interactions with patients and customers at large, are bound to a Confidentiality Agreement, as defined by Ablio’s internal Standards of Practice, publicly available on our website ablio.com.
Download Ablio’s HIPAA Privacy Agreement
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under 13 nor do we knowingly collect or solicit personal information from anyone under the age of 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify the users via in site notification within 3 business days.
- We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- We may also send you additional information related to your product and/or service.
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time users would like to unsubscribe from receiving future emails, they can follow the instructions at the bottom of each email and we will promptly remove them from ALL correspondence.
Cookie Policy
This Cookie Policy explains how Ablio S.r.l. and its affiliates, including without limitation Ablio LLC (collectively “Ablio”, “us”, “we” and “ours”), use cookies and similar technologies to recognize you when you visit our websites, including without limitation www.ablio.com, www.ablioconference.com, www.ablio.it, www.wificonference.com and any successor URLS, mobile or localized versions and related domains and subdomains (“Websites”) and/or our mobile application ("App") and/or our communication platform ("Platform"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.
About cookies
Cookies are small data files that are placed on your computer or mobile device when you visit a website, mobile app or use an online platform. Cookies are widely used by online service providers to facilitate and help to make the interaction between users and websites, mobile apps and online platforms faster and easier, as well as to provide reporting information.
Cookies set by the website and/or mobile app and/or platform owner (in this case, Ablio) are called "first party cookies". Cookies set by parties other than the website and/or mobile app and/or platform owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website and/or mobile app and/or platform (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognise your computer or device both when it visits the website and/or mobile app and/or platform in question and also when it visits certain other websites and/or mobile apps and/or platforms.
Why do we use cookies?
We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites and/or App and/or platform to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Websites and/or App and/or platform. Third parties serve cookies through our Websites and/or App and/or platform for analytics and other purposes. This is described in more detail below.
Our Websites
Types of cookie | Who serves these cookies | How to refuse |
---|---|---|
Essential website cookies: These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas. | Ablio |
|
Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable. | Ablio | To refuse these cookies, please follow the instructions below under the heading "How can I control cookies?" |
Analytics and customisation cookies: These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective are marketing campaigns are, or to help us customise our Websites for you. |
Google Analytics Intercom |
|
Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our Websites through third party social networking and other websites. These cookies may also be used for advertising purposes too. |
Facebook |
|
Our App
Types of cookie | Who serves these cookies | How to refuse |
---|---|---|
Social networking cookies: These cookies are used to enable you to share content that you find interesting on our App through third party social networking. These cookies may also be used for advertising purposes too. |
Facebook |
|
What about other tracking technologies?
Cookies are not the only way to recognize or track visitors to a website and/or mobile app and/or platform. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Websites and/or App and/or platform. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
Do you use Flash cookies or Local Shared Objects?
Our Websites and/or App and/or platform may also use so-called "Flash Cookies" (also known as Local Shared Objects or "LSOs") to, among other things, collect and store information about your use of our services, fraud prevention and for other site operations.
If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the Website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).
Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.]
Do you serve targeted advertising?
No.
How can I control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by clicking on the appropriate opt-out links provided in the cookie table above.
You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Websites and/or App and/or platform though your access to some functionality and areas may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit www.aboutads.info/choices or www.youronlinechoices.com.
How often will you update this Cookie Policy?
We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.
The date at the top of this Cookie Policy indicates when it was last updated.
Where can I get further information?
If you have any questions about our use of cookies or other technologies, please email us at support@ablio.com.
Security Policy
Overview
At Ablio we take the protection of customer data extremely seriously. This Ablio Security Policy describes the organizational and technical measures Ablio implements platform wide designed to prevent unauthorized access, use, alteration or disclosure of customer data. The Ablio services operate on ProfitBricks and PAX8Web Services; this policy describes activities of Ablio within its instance on these Services unless otherwise specified. As you continue to learn more about Ablio we recommend you also review our Privacy Policy.
Security Team
Our infrastructure and security team includes people who’ve played lead roles in designing, building, and operating highly secure Internet facing systems at companies ranging from startups to large public companies.
Best Practices
We have implemented a formal procedure for security events and have educated all our staff on our policies:
- When security events are detected they are escalated to our emergency alias, teams are paged, notified and assembled to rapidly address the event.
- After a security event is fixed we write up a post-mortem analysis.
- The analysis is reviewed in person, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.
- Ablio will promptly notify you in writing upon verification of a security breach of our services that affects your data. Notification will describe the breach and the status of Ablio’s investigation.
Build Process Automation:
- We have functioning, frequently used automation in place so that we can safely and reliably rollout changes to both our application and operating platform within minutes.
- We typically deploy code every week, so we have high confidence that we can get a security fix out quickly when required.
Infrastructure
All of our services run in the cloud. Ablio does not run our own routers, load balancers, DNS servers, or physical servers.
All of our services and data are hosted in ProfitBricks and Pax8 facilities in Germany and the USA and protected by their security. More specific information about ProfitBricks and Pax8 security processes and measures is available upon your request. All of our infrastructure is spread across different data centers and will continue to work should any one of those data centers fail unexpectedly. As such, Ablio builds on the physical security and environmental controls provided by such providers.
Ablio uses a backup solution for datastores that contain customer data.
Data
Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. However strict privacy controls exist in our application code that are designed to ensure data privacy and to prevent one customer from accessing another customer’s data (i.e., logical separation). We have many unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated and even one single test failing will prevent new code being shipped to production.
Each Ablio system used to process customer data is adequately configured and pathed using commercially-reasonable methods according to industry-recognized system-hardening standards.
Ablio engages certain subprocessors to process customer data. These subprocessors are listed here, as may be updated by Ablio from time to time.
Authentication
Ablio is served 100% over https. Ablio runs a zero-trust corporate network.
We have two-factor authentication (2FA) and strong password policies on GitHub, Google, Twilio, MongoDB, Intercom and Ablio to ensure access to cloud services are protected.
Permissions and Admin Controls
Ablio enables permission levels to be set for any employees or service providers with access to Ablio. Permissions and access can be set to include app settings, billing, user data, or the ability to send/edit manual messages and auto messages.
Application Monitoring
On an application level, we produce audit logs for all activity, ship logs to our service providers for analysis.
All access to Ablio applications is logged.
All actions taken on production consoles or in the Ablio application are logged.
Payment Processing
All payment instrument processing for purchase of the Ablio services is performed by Stripe. For more information on Stripe’s security practices, please see stripe.com/docs/security/stripe.
Customer Responsibilities
- Managing your own user accounts and roles from within the Ablio services.
- Protecting your own account and user credentials for all of your employees accessing our services.
- Compliance with the terms of your services agreement with Ablio, including with respect to compliance with laws.
- Promptly notifying Ablio if a user credential has been compromised or if you suspect possible suspicious activities that could negatively impact security of the Ablio services or your account.
- You may not perform any security penetration tests or security assessment activities without the express advance written consent of Ablio.
Third Parties
Security, Privacy and Compliance Information for Ablio
Ablio engages certain onward subprocessors that may process personal data submitted to Intercom’s services. These subprocessors are listed below, as may be updated by Ablio from time to time:
- ProfitBricks
- Pax8
- Twilio
- Mailgun Technologies, Inc.
- Scalegrid
- Segment
- Atatus
- Keymetrics
- Prerender
- Stripe, Inc.
- Intercom
Archives
ablio.com Standard End User Terms and Conditions
updated 1 June 2015HIPAA Privacy Agreement
updated 5 August 2017ablio.com Standards of Practice
updated 16 September 2024updated 8 October 2017
updated 30 September 2015