Springboard has built in security from our inception, through using best practices for electronic, physical, administrative, and organizational controls, and the leading tools of the industry, including AWS, Auth0, and Gitlab.

Shared Responsibility Model

AWS is responsible for the security of the cloud. Springboard is responsible for the security in the cloud.

Access to Customer Data

Springboard’s access, by any means or methods, to any Customer Data is solely for the purpose of and will be limited only to the extent necessary for performing the Services.  Springboard and Springboard Personnel don’t include Customer Data in unencrypted emails or files attached to emails that are transmitted unprotected via the Internet.  Springboard uses data loss prevention software to monitor and prevent the unprotected transfer of PII.  All electronic data sources containing PII must be encrypted. 

Encryption

Springboard encrypts all data at rest and in transit in accordance with Advanced Encryption Standards (AES).

Back-Ups

Springboard uses a backup procedure for all stored Customer Data, with back-ups occurring on a daily basis. All back-ups are encrypted in accordance with Advanced Encryption Standards (AES).

Data Retention and Destruction

Springboard maintains effective data retention and destruction procedures to ensure records containing Customer Data are disposed of in a timely manner that does not compromise the security, confidentiality or integrity of the information. 

Authentication

Springboard protects Access Credentials, including by: (a) ensuring that passwords and PINs do not appear in readable form while the user is typing or entering the password or PIN; and (b) storing passwords and PINs in a one-way hashed format, protected with salt. Springboard ensures passwords contain at least eight (8) alpha-numeric characters and at least three (3) of the following criteria: (i) upper case letters, (ii) lower case letters, (iii) numbers, and (iv) special characters.