We collect the e-mail addresses of those who communicate with us via e-mail, aggregate information on what pages consumers access or visit, and information volunteered by the consumer (such as survey information and/or site registrations). The information we collect is used to improve the content of our Web pages, the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:
- It is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.
Information Gathering and Usage
When you register for MortarStone we ask for information such as your name, email address, billing address, credit card information.
MortarStone uses collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact, and research.
A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive.
Cookies are required to use the MortarStone service.
Data Storage & Privacy
MortarStone uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run MortarStone. Although MortarStone owns the code, databases, and all rights to the MortarStone application, you retain all rights to your data.
- We are PCI compliant and do NOT store any credit card information on our server.
- We use SSL / HTTPS for all our secure websites.
- We use Key Based Authentication to connect to our servers and have disabled password authentication, which means you can only log in from specific machines. The “root” user is also disabled (this is the equivalent to the Administrator user on a windows server).
- Our entire ‘stack’ is hosted by Amazon Web Services (AWS), this is where all our customer information resides. AWS is a world-renowned hosting provider that maintains SAS70 Type II certification (and other certifications) that ensure the security of your data. For a more extensive review of AWS security compliance and practices, visit http://aws.amazon.com/security/.
- We have never had a data security issue surface but, if we did have an issue, we could quickly look into the situation as we know who looked at what, and when they looked at it.
- We do not sell any data to anyone, period.
- The MortarStone import staff and development team have privileged access, but not absolute access, and all employees must sign a confidentiality agreement.
- We place extreme value on the security of your data, as well as our platform and code base. For this reason, we do not offer a solution that would allow for outside hosting of our services.
MortarStone may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or when your actions violate the Terms of Service.
MortarStone may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your MortarStone primary account holder account or by placing a prominent notice on our site.