Security FAQ and Statements
We take security concerns seriously here at Aspire Technologies, Inc. with all of our solutions, including but not limited to QuoteWerks, QuoteValet, and Database Hosting. We design our solutions in strict accordance with industry standards. Part of our security precautions and guidance prevents us from disclosing all of our security protocols, for good reason: to keep your data safe. Only Aspire individuals who need access to sensitive data have access to such information.
Does QuoteWerks have a Privacy Policy?
Yes. Our Privacy Policy can be found here: https://www.quotewerks.com/privacypolicy.asp
Does QuoteWerks have a Terms of Use?
Yes. Our Terms of Use can be found here: https://www.quotewerks.com/termsofuse.asp
This contains information about Subscription Service Agreements and the QuoteWerks License Agreement.
Does QuoteWerks have a GDPR Statement?
Yes. Information about QuoteWerks offerings and GDPR can be found here: https://www.quotewerks.com/gdpr.asp
Does QuoteWerks have a CCPA Statement?
Yes. Our California Privacy Policy and information about what we collect can be found here: https://www.quotewerks.com/ccpa.asp
Where are your cloud services hosted?
QuoteWerks Web, QuoteValet, VendorRFQ, Database Hosting Services, and ClarityWerks hosted offerings are provided via Cloud Services Provider Azure in their Central US datacenter (unless otherwise communicated to the customer/End User).
Can 3rd parties access customer data?
No.
Is your data encrypted at rest?
Yes. Information that is deemed sensitive is encrypted at rest.
Can Aspire/QuoteWerks confirm data erasure at end of service?
Yes. Customers can request confirmation of data erasure at end of service. The request must be specific and include the service that the customer was using.
PCI Compliance
QuoteValet has the ability to collect Credit Card payments from your customers. Here at Aspire/QuoteWerks, we conform to PCI compliance and other security precautions as required and where appropriate.
PCI compliance involves three main components:
- Handling credit card data: How businesses handle the ingress of credit card data from customers
- Storing data securely: How businesses store the data securely
- Validating security controls: How businesses validate that the required security controls are in place on a regular basis
Additional Security Compliance
QuoteWerks currently does not leverage an external SOC Type 1 or SOC Type 2 attestation for compliance purposes.
We adhere to industry best practices for security, following frameworks like the NIST Cybersecurity Framework.
While the ongoing costs associated with certification and maintenance are not currently justifiable, we recommend reviewing our security statements and policies on this page for further details.
At such time as an attestation may be or is available, most of the information contained within such reports would not be made public due to their sensitive nature.
What is your policy on employee background checks?
All employees regardless of position are required to have a Federal, State, and Local background check prior to employment.
Reporting a Security Issue
If you have discovered a security-related problem that isn't a common, known vulnerability, kindly send a report to legal@quotewerks.com with relevant details.
Please send a report with detailed information like:
- A problem summary
- A PoC or a breakdown of how the issue can be replicated
- The operating system name and version as well as the web browser's name and text that you used to reproduce the issue
Security is important but we do ask the following
We want to ask you to report vulnerabilities responsibly, with the following principles in mind:
- Don't try to access or manipulate other customers' data; only test on your account
- Do not exfiltrate data from our infrastructure (including source code, data backups, configuration files).
- If you obtain remote access to our system, report your finding immediately. Do not attempt to pivot to other servers or elevate access.
- Please avoid techniques that might degrade the service for others (DoS, spamming, etc.)
- Please keep the vulnerabilities secret until you've notified us, and we've had adequate time to remedy the issues
Doing any of these will violate your license agreement and may violate local, state, federal, and international laws.
Please be advised that Aspire Technologies, Inc. is not your attorney, and this information is not legal advice. This information does not provide, does not constitute, and should not be construed as, legal advice. The information provided was accurate at the time of publishing, but may not be all encompassing. It is for educational purposes only and is not to be acted or relied upon as legal advice. The information does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney representing you in your jurisdiction.
Last Edited on 2024-12-06