SOC 2 Compliance
GDPR Measures at Splashtop
Protecting the personal data of our customers has been and continues to be our top priority. We understand our obligations and responsibilities as a Controller and as a Processor for GDPR. We have taken the following steps to be GDPR ready.
- Data Protection by design: We have implemented affirmative consent where all of our customers must opt-in first to share their personal data with us during signup and they have means to withdraw later on. We have reviewed and implemented process to make sure we only collect and process personal data that is necessary to provide the service to our customers. We make sure all personal data is protected with strong industry security standards and best practices, both in transmission and storage.
- Data Governance: We have identified and mapped all personally identifiable information (PII) we collect, what we are doing with it, where it flows and who has access to it. We have signed Data Processing Agreements (DPA) with our third party service providers to ensure they are also committed to GDPR.
- Process and Communication: We have formally reviewed our GDPR readiness with a third party professional firm, put in place additional processes, and set up proper communication channels to handle all GDPR related inquiries and tasks both internally and externally.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, or your rights, please contact us at email@example.com.
California Consumer Privacy Act (CCPA)
As of January 1, 2020, consumers residing in California have some additional rights with respect to their personal information under the California Consumer Privacy Act or (“CCPA”).
Splashtop is committed to CCPA compliance, including Right to Access, Right to Deletion, and Right to Opt-Out.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The standard was created to increase controls around cardholder data to reduce credit card fraud. PCI compliance is required for organizations that store, manage and process cardholder information.
Splashtop is not a payment solution and we do not store our users’ credit card or financial data in our system.
Splashtop uses third party vendors to store and manage cardholder data and conduct online transactions. We provide secure connections to our PCI compliant payment vendors to ensure compliance.
Every business that is part of the U.S. healthcare industry must comply with Federal standards regulating sensitive and private patient information. In addition to protecting worker health insurance coverage, HIPAA sets forth standards for protecting the integrity, confidentiality, and availability of electronic health information. Splashtop does not process, store, or have any access to any of the users’ computer data such as patient data or medical records. Therefore, Splashtop should not be considered as your business associate. While no single product or solution can make an organization HIPAA-compliant, the Splashtop Business Access, Splashtop Remote Support, Splashtop On-Demand Support (SOS), and Splashtop Enterprise products, when used properly, may help organizations fulfill HIPAA guidelines for the privacy and security of remote access to healthcare information and may be used within a larger system to support HIPAA compliance (see whitepaper below). Some key points to note are:
- Splashtop transmits but does not store the encoded screen capture stream, which is encrypted end-to-end with TLS with AES-256 bit encryption.
- The username / password transmission is encrypted with HTTPS / TLS.
- The user passwords are encrypted and stored in our database, which is protected by encrypted disk and VPN.
- All connections are logged with timestamp and user / device / session info.
- Device authentication is enabled by default with an option to turn on 2-factor authentication.
- Our Cloud security modules monitor and flag suspicious activities real-time and block the aggressor from further access to our Cloud services.
All of these measures should help ensure that Splashtop may be securely deployed in your organization without affecting HIPAA compliance.
Splashtop also offers an on-premise implementation of its remote access and remote support solutions. With this implementation, all of the server modules / services are hosted in the customers’ private cloud. Please find more information at https://www.splashtop.com/enterprise and https://www.splashtop.com/iot (for remote support of computers, mobile / embedded / IoT devices) .
Please contact firstname.lastname@example.org to start a trial or get additional information.
FERPA is a Federal law that protects personally identifiable information in students’ education records from unauthorized disclosure. It affords parents the right to access their child’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.
Splashtop doesn’t access, process, or store education records. Splashtop stores limited information such as session logs, activity logs, and device Information – no student information. Although Splashtop is not subject to FERPA certification, Splashtop follows industry best practice to ensure the data it has is protected.
Learn more about Splashtop and FERPA: Splashtop FERPA Info Sheet
Splashtop’s business products are specifically built to give IT full control over securing the data while giving employees the flexibility to access it from anywhere. They are especially applicable to organizations operating in industries with stringent legislative and compliance regulations where controls for data privacy and systems security are mandated. Splashtop security features also help support HIPAA and ISO 27001 compliance.
Learn more on our Splashtop Security Features web page.
If you have any further questions, please contact us at email@example.com or (408) 886-7177.