Botdoc

Security Center

Your source for our latest security & system information.

Quick links:

  • Customer Security Responsibilities
  • Report Issues
  • Security Assurance
  • Updates and Alerts

Customer Security Responsibilities

Safeguard Passwords

Keep your user passwords safe by following these tips.

  • Use a strong password that is difficult for others to guess and avoid birthdays, names, and pet’s names. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo
  • Use more symbols and numbers in passwords. The reality is that longer, more complex logins are harder to breach.
  • Never write down your password or share it with others.
  • Never provide your Botdoc account login or password, credit card number, or other personal information via email or to unknown parties.

Note: Botdoc will never ask you for your password.

Exercise caution using public computers (coffee shops, library, airport, hotel): Public web browsers can cache personal data and store login details. Always log off of web sites and clear the browser cache to protect your personal information, passwords, and accounts.

Safely Dispose of Personal Information

Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.

Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.

Avoid Phishing Emails

Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.

Read Privacy Policies

Yes, they can be long and complex, but they tell you how the site maintains accuracy, access, security, and control of the personal information it collects, how it uses the information, and whether it provides information to third parties.

Report Issues

System failures, suspected breach, or general incident

If you are experiencing a system failure, suspect some type of technical incident or breach, or have a general issue, please contact us at support@botdoc.io.

Suspicious Emails

If you believe you may have received a fake email, forward the entire email – including the header information – to us at: support@botdoc.io, then delete it from your mailbox.

Security Incidents/Breach

If you find or suspect a security incident, please report this to us at: support@botdoc.io.

Unethical Behaviors

Please report this to us at: anonymous@botdoc.io.

Security Assurance

Key Security Features

Security is part us, and part you. That’s why we’ve developed best practices for securing your Botdoc-powered applications.

Data Encryption. Files are encrypted in transit (only strong cipher suites) and at rest (AES-256).

Authentication. Two-factor authentication with RSA, SecurID or a digital certificate as well as Active Directory integration.

Network Security. Auto Scaling Firewalls, DDoS Protection, traffic filtering and penetration tests.

Access Controls. Access rights, permissions, and ethical walls based on users and groups.

ISO 27002:2013 & ISO/IEC 27017:2015. Botdoc is ISO 27002:2013 certified through MS Azure. This is the highest level of global information security assurance available today, and provides customers assurance that Botdoc meets stringent international standards on security. ISO/IEC 27017:2015 is an international standard that aligns with and complements ISO/IEC 27002:2013, with an emphasis on cloud-specific threats and risks.

Application Security. Static and dynamic application scans, comprehensive logging, and adherence to programming best practices (OWASP Top Ten, etc.).

Service Organization Controls (SOC). Annual Type 2 SOC 2 and SOC 2+ audits based on standards set by the AICPA.

PCI DSS. This site is protected by Trustwave's Trusted Commerce program. Botdoc maintains compliance with the current version of the PCI Data Security Standard (DSS) to ensure safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), Botdoc places stringent controls around cardholder data as both a service provider and merchant.

HIPAA Compliant. Full compliance with the Health Insurance Portability and Accountability Act of 1996 for privacy, security, and breach notification rules for data storage.

Data Privacy Framework Certified (formerly Privacy Shield). Botdoc designs its control framework to comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the legal basis for the movement of data from the European Union and Switzerland to the United States.

FERPA Compliant. Botdoc designs its control framework to be compliant with the US Department of Education regarding data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of student data.

GDPR Compliant. Botdoc designs its control framework to be compliant with processing and holding the personal data of subjects residing in the EU.

GLBA. The Gramm-Leach-Bliley Act (GLB Act or GLBA) is the United States federal law that requires financial institutions to disclose how they protect their customers’ financial information. Botdoc follows all Safeguards Rule requirements and practices to remain in compliance with the standards at all times.

FTC Safeguards Rule. Botdoc designs its control framework to be compliant with the FTC Safeguards Rule that requires non-banking financial institutions (Automotive dealerships) to manage and encrypt customer data at rest and in transit.

Updates and Alerts

Routine maintenance, new features, fixes, updates and other important announcements appear on the Botdoc blog. (For best results please clear your browser history/cache after updates.)

© 2026 Botdoc. All rights reserved. 1909 Woodmoor Dr, Monument CO 80132 · 719-960-4767