Our Commitment
Signal Vine is committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by strong data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.
We are dedicated to safeguarding the personal information under our control and in developing a data protection program that is effective, fit for purpose and demonstrates an understanding of and appreciation for all existing regulations. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of revised data protection policies, procedures, controls and measures to ensure maximum and ongoing compliance.
How We Prepared for the GDPR
Signal Vine, Inc. already has a consistent level of data protection and security across our organization. While our company and our customers are based in the United States, it is our aim to be fully compliant with the GDPR in order to safeguard the information we store. Our preparation has included the following:
- Information Audit – carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures – revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including the following:
- Data Protection – our main policy and internal procedures for data protection have been adjusted to meet the standards and requirements of the GDPR, with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply, along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- Subject Access Request – we have added new SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
- Privacy Policy – we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
Data We Store
Signal Vine stores personal and educational data on behalf of our customers, which is used to segment and personalize outgoing text messages from our customer institutions. The data that is stored varies by institution and is governed by agreements between the recipient and that institution.
All records in the Signal Vine database must have a mobile phone number, which is used to send messages to the recipient. Additionally, the following fields are standard fields that most (but not all) customers collect:
- First Name
- Last Name
- Timezone
This information is used to identify the recipient and personalize the messages that the recipient receives.
Additionally, customers may store any additional personal profile information that the deem necessary to segment and personalize their outgoing messages. Signal Vine does not directly control what information is stored, but will ensure that the information is secure. We respect all requests for deletion or update, regardless of the information stored.
Data We Collect
Messaging
As messages are exchanged between our customer institutions and their messaging recipients, Signal Vine collects and stores data related to those transactions, including (but not limited to):
- Mobile phone number
- Mobile phone carrier
- Mobile phone country code
- Message content
- Message direction
- Message delivery status
- Message delivery error code, if present
- Message delivery time
This information is used to ensure that messages are being delivered correctly, to troubleshoot any issues and to display the conversation within our application. Additionally, message content may be analyzed to look for common questions or responses to identify areas that institutions may want to automate or otherwise address. When analyzing in this manner, only the message content is analyzed. Recipient name or personally identifiable information is not used in this analysis.
Usage
Data on usage of the Signal Vine application by customers is collected, including when users access the platform, what they access, what actions they perform and what browser or device they are using. Only users of the Signal Vine platform are included in this collection – this does not extend to recipients of messages.
This data is used to support users, to analyze the platform for performance and to plan additional features. This data is only available to members of the Product, Customer Success and Engineering teams within Signal Vine and is not shared with third-parties.
Marketing
Signal Vine would like to send you information about services and resources of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to stop Signal Vine from contacting you for marketing purposes. You can opt out by selecting the option in any communication you receive from Signal Vine.
Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal data that Signal Vine, Inc. processes about them. The individual has the following data subject rights:
- The right to request what personal data we hold about them
- The right to request the purpose(s) of the data processing
- The right to request the categories of personal data concerned
- The right to request to whom the personal data has or will be disclosed to
- The right to request how long the individual’s personal data will be stored for
- The right to request the source of the individual’s personal data
- The right to request to correct incomplete or inaccurate personal data
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from Signal Vine, Inc. and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organizational Measures
Signal Vine, Inc. takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures.
None of the servers running the Signal Vine platform are directly accessible to the internet. These servers are protected by a Bastion Host that serves as a firewall to protect our Virtual Private Cloud (VPC). When employees need access to servers, they use private key encryption to tunnel through the Bastion Host to reach the servers behind them. The platform is accessed over SSL with 128-bit encryption and authentication. Platform servers do not accept unencrypted requests.
All servers can only be accessed using key-based authentication (a 2048-bit RSA key pair). Signal Vine employs access control policies to secure appropriate access and guarantee that personally identifiable information (PII) and all data is protected by encryption. Signal Vine employs highly restrictive network access and a rigorous data backup protocol.
Signal Vine addresses and tests for the Open Web Application Security Project (OWASP) Top 10.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For more information, visit all aboutcookies.org.
Our Company uses cookies to improve your experience on our website, including the following:
- Keeping you signed in
- Understanding how you use our website
Privacy Policies of Other Websites
The Signal Vine website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Changes to Our Privacy Policy
Signal Vine keeps its privacy policy under regular review and places any updates on this webpage. This privacy policy was last updated on January 7, 2020.