The Signal Vine platform is 100% compliant with federal communications and data privacy regulations. It’s designed to protect your student data from threats by applying industry-standard security controls at every step. The platform meets the Family Educational Rights and Privacy Act (FERPA) standards and is used by the US Department of Education, the military, and hundreds of higher education institutions. Your data is safe with Signal Vine.
The FCC enacted the Telephone Consumer Protection Act (TCPA) to crack down on unsolicited marketing messages. The Signal Vine Text Messaging Platform was designed from the beginning to fully comply with TCPA regulations.
An important clause from the policy for most of our customers is, “For non-commercial, informational texts (such as those sent by or on behalf of tax-exempt non-profit organizations, those for political purposes, and other noncommercial purposes, such as school closings), your consent may be oral.” Text messages must include information about the following:
Ask your Customer Success Representative for help crafting opt-in or opt-out language.
The Signal Vine Text Messaging Platform is fully compliant with the US Department of Education’s Family Education Rights and Privacy Act (FERPA). The platform logs all message history, encrypts communications, and securely protects all data. Most organizations that use the text messaging platform only include “directory” information in their text messages, such as students’ names. It is important to note that this directory information does not require consent to adhere to FERPA laws. Signal Vine provides controls to ensure that this protected information is only available to the appropriate users.
The Federal Trade Commission’s Children’s Online Privacy Protection Rule (COPPA) requires parental consent before communicating with students under the age of 13. Most of Signal Vine’s customers do not work with or communicate with students under the age of 13. For those who wish to communicate with students younger than 13, proof of written parental consent is required. Your Customer Success Representative can help you draft language for a parental consent form if needed.
The Signal Vine platform is 100% compliant with federal communications and data privacy regulations. It is designed to protect your student data from threats by applying industry-standard security controls at every step. Built upon HIPAA compliance, the platform meets FERPA standards and is used by the US Department of Education, the military, and hundreds of higher education institutions. Your data is safe with Signal Vine.
The Text Messaging Platform is a distributed, fault-tolerant (i.e., if one component fails, back-up equipment will ensure the platform still operates), cloud-based application that can scale vertically and horizontally based on the amount of demand, giving you the performance you need during peak times. Only message content and the recipient phone number are shared with our SMS providers. No other customer data is accessible outside of the platform. The platform only allows HTTPS, which is a secure connection from users. It’s a client of our REST API (our programmer’s toolkit) and provides a user interface for reading and writing program data.
The platform is hosted on a virtual private cloud (VPC) in Amazon Web Services (AWS). None of the servers running the platform are directly accessible to the internet and are protected by a Bastion Host that serves as a “locked door” to protect our VPC. When employees need access to servers, they use private key encryption to tunnel through the Bastion Host to reach the servers behind them.
Signal Vine relies on AWS elastic load balancers and elastic IP to provide high availability to the platform. They work by redirecting requests to multiple servers to provide a lag-free experience. Amazon Route 53 provides Domain Name Services (DNS).
The platform is protected by AWS Shield Standard, which is a managed Distributed Denial of Service Attacks (DDoS) protection service that safeguards the Signal Vine web application from malicious activity.
AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and lag that would affect users who are trying to access our service. The platform is stored in five data centers distributed throughout North America.
All services (web servers, database, search) have redundancies (duplicate hardware and software) for high availability.
The platform is accessed over Secure Socket Layer (SSL) with 128-bit encryption and authentication. The platform servers do not accept non-encrypted requests.
All data is encrypted both at rest and in transit. Different encryption schemes are used for different types of data, depending on the need. For example, passwords are encrypted using a Bcrypt algorithm and SHA-256 encryption. Additionally, data is only sent using 128-bit authentication. All data is encrypted and delivered by HTTPS. Signal Vine does not support insecure connections to the platform.
All data is partitioned by account and program, which provides row-level security to authorized users. This means that each account and application is isolated from all others. The design of the platform enforces restricted access levels and does not allow unauthorized access to data. Each user is assigned a partition key and can only access data in the partition to which they are assigned.
User passwords are encrypted using a Bcrypt hashing function and a single-use salt, which is not stored. This means that encrypted passwords are extremely secure. The platform backs up data nightly and ships transaction logs to allow for a point in time recovery to within 15 minutes of when the database goes down. The database is not accessible directly via the internet. It is only accessible via a private network interface connected to the data center.
As noted above, the platform is hosted on a group of separate, secure application servers. All servers can only be accessed using key-based authentication (a 2048-bit RSA key pair). Signal Vine employs access control policies to secure appropriate access and ensure that personally identifiable information (PII) and all data is protected by encryption. Signal Vine employs highly restrictive network access and a rigorous data backup protocol. In addition, an activity log is monitored when data is exported.
Compliance with State and Federal data privacy regulation is ensured through periodic peer review of compliance laws and ops/coding practices, procedures, and implementation.
Customers control staff access to student profile and message data by assigning security roles to users. There are currently three supported roles:
Signal Vine is committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by strong data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.
We are dedicated to safeguarding the personal information under our control and in developing a data protection program that is effective, fit for purpose and demonstrates an understanding of and appreciation for all existing regulations. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of revised data protection policies, procedures, controls and measures to ensure maximum and ongoing compliance.
Signal Vine, Inc. already has a consistent level of data protection and security across our organization. While our company and our customers are based in the United States, it is our aim to be fully compliant with the GDPR in order to safeguard the information we store. Our preparation has included the following:
Signal Vine stores personal and educational data on behalf of our customers, which is used to segment and personalize outgoing text messages from our customer institutions. The data that is stored varies by institution and is governed by agreements between the recipient and that institution.
All records in the Signal Vine database must have a mobile phone number, which is used to send messages to the recipient. Additionally, the following fields are standard fields that most (but not all) customers collect:
This information is used to identify the recipient and personalize the messages that the recipient receives.
Additionally, customers may store any additional personal profile information that the deem necessary to segment and personalize their outgoing messages. Signal Vine does not directly control what information is stored, but will ensure that the information is secure. We respect all requests for deletion or update, regardless of the information stored.
As messages are exchanged between our customer institutions and their messaging recipients, Signal Vine collects and stores data related to those transactions, including (but not limited to):
This information is used to ensure that messages are being delivered correctly, to troubleshoot any issues and to display the conversation within our application. Additionally, message content may be analyzed to look for common questions or responses to identify areas that institutions may want to automate or otherwise address. When analyzing in this manner, only the message content is analyzed. Recipient name or personally identifiable information is not used in this analysis.
Data on usage of the Signal Vine application by customers is collected, including when users access the platform, what they access, what actions they perform and what browser or device they are using. Only users of the Signal Vine platform are included in this collection – this does not extend to recipients of messages.
This data is used to support users, to analyze the platform for performance and to plan additional features. This data is only available to members of the Product, Customer Success and Engineering teams within Signal Vine and is not shared with third-parties.
Signal Vine would like to send you information about services and resources of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to stop Signal Vine from contacting you for marketing purposes. You can opt out by selecting the option in any communication you receive from Signal Vine.
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal data that Signal Vine, Inc. processes about them. The individual has the following data subject rights:
Signal Vine, Inc. takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures.
None of the servers running the Signal Vine platform are directly accessible to the internet. These servers are protected by a Bastion Host that serves as a firewall to protect our Virtual Private Cloud (VPC). When employees need access to servers, they use private key encryption to tunnel through the Bastion Host to reach the servers behind them. The platform is accessed over SSL with 128-bit encryption and authentication. Platform servers do not accept unencrypted requests.
All servers can only be accessed using key-based authentication (a 2048-bit RSA key pair). Signal Vine employs access control policies to secure appropriate access and guarantee that personally identifiable information (PII) and all data is protected by encryption. Signal Vine employs highly restrictive network access and a rigorous data backup protocol.
Signal Vine addresses and tests for the Open Web Application Security Project (OWASP) Top 10.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For more information, visit all aboutcookies.org.
Our Company uses cookies to improve your experience on our website, including the following:
The Signal Vine website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Signal Vine keeps its privacy policy under regular review and places any updates on this webpage. This privacy policy was last updated on January 7, 2020.
Signal Vine has developed and implemented a tested set of processes to ensure any outage or service interruption is managed in a timely manner. This document outlines these procedures.
Signal Vine’s Text Messaging Platform is hosted in a secure facility with Amazon Web Services (AWS). The platform is stored in five data centers distributed throughout the Northern Virginia AWS region.
Signal Vine has two database servers with AWS: primary and replica. If anything happens to the primary database, the replica server will take over and become the new primary. Signal Vine’s data replication strategy provides a five minute recovery point objective (RPO) and a one hour recovery time objective (RTO). In addition, Signal Vine keeps daily AWS backups in a separate data center and region in case the availability zone is affected and both primary and replica databases are lost (a catastrophic event). The platform will survive this scenario with a 24 hour RPO and an 8 hour RTO. Recovery can take place at any time.
The disaster recovery process ensures that Signal Vine will notify customers as soon as an incident is detected.
Platform. Signal Vine has a hosted, managed data center that can run without our involvement. Signal Vine’s back office systems are all indexed and searchable.
Personnel. Signal Vine’s Engineering and DevOps staff provide multiple layers of oversight and redundancy. Oversight roles elevate to the Chief Financial Officer and ultimately the CEO.
Signal Vine, a Delaware corporation, has a board of directors and external investors to help assure that the company remains a going concern.
Insurance. Signal Vine has multiple insurance policies and plans in place to guarantee that the business is covered in the case of unexpected events. These events may include loss of key personnel or an insurance claim that might disrupt the normal operation of the business.
Signal Vine restores backups to a testing environment every day. Signal Vine constantly verifies that the backups used in event of catastrophe are usable. There is tooling in place to create a database from those backups.
Signal Vine can spin up a new environment with its servers and support services within minutes. This capability is tested multiple times per day.
Signal Vine regularly performs vulnerability assessments and penetration tests on the infrastructure and platform. An independent assessment will be performed and the results will be shared if requested by a customer.
Signal Vine does not disclose data to any third party except where the disclosure is a) required for the sending of an account’s text messages, or b) required by law pursuant to a subpoena.
Data is encrypted both at rest and in transit, so Signal Vine’s technology providers do not see customer data, unless Signal Vine explicitly grants access.
This encryption also protects against accidental disclosure or malicious attacks.
If you have any questions about Signal Vine’s privacy policy, the data we hold on you, or you
would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at contact@signalvine.com
Call us at (703) 480-0278
Or write to us at 811 N. Royal St., Alexandria, VA 22314
