Meetly is a meeting-focused collaborative platform that makes it easy to run productive meetings. Meetly applies security best practices on our Hosting Platform. We focus on the security and privacy of our customers' data, and we ensure it by applying security and data controls at every layer in our application stack.
Meetly's physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
Meetly utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military-grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
For additional information see: https://aws.amazon.com/security
System configuration and consistency are maintained via custom configuration management software that is version controlled, peer reviewed, and tested thoroughly before being implemented in our Production environment. We use AWS Best Practice tools to enforce Infrastructure and Application security.
Operating system access is limited to the Meetly Development Team and requires username, key, and IP authentication. Operating systems do not allow password authentication to prevent password brute force attacks, theft, and sharing.
The network segments of the Meetly Production and Staging environments are completely isolated and independent of each other. There is no data sharing between them. Customer data is hosted only in the Production environment.
Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default all access is denied, and only explicitly allowed ports and protocols are permitted based on business need. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.
Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor, which will not deliver traffic to an interface to which it is not addressed.
The Meetly Platform is a Multi-Tenant architecture. User verification and password recovery are done via time-limited, single-use links/tokens sent to the registered email. Production servers are outfitted to send secure cookies and other security-related headers and have been vetted to conform to OWASP Security Best Practices.
Customers can simplify their access to our application by using our secure Google and Microsoft OAuth integration.
All data is encrypted at rest using AWS Best Practices. Only our Meetly Development Team can access data directly, and only after authenticating with a username and key.
Meetly is notified of vulnerabilities through internal and external assessments, system patch monitoring, and third party mailing lists and services. Each vulnerability is reviewed to determine if it is applicable to Meetly’s environment, ranked based on risk, and assigned accordingly.
We continually apply the latest security updates to all operating systems and applications, in order to mitigate exposure to vulnerabilities. This process allows Meetly to keep the environment up-to-date.
We undergo penetration tests, vulnerability assessments, and source code reviews to assess the security of our application, architecture, and implementation. Our third party security assessments cover all areas of our platform including testing for OWASP Top 10 web application vulnerabilities.
Issues found in Meetly applications are risk ranked, prioritized, assigned accordingly for remediation, and Meetly’s Development Team reviews each remediation plan to ensure proper resolution.
Customer Data stored in our Meetly platform is automatically backed up every night to secure, access-controlled, and redundant storage. We use these backups to automatically bring our application back online in the event of an outage.
From our instance images to our databases, each component is backed up to secure, access-controlled, and redundant storage. We apply AWS Best Practices to ensure High-Availability of our Infrastructure and Primary Databases. In addition to standard backup practices, Meetly’s infrastructure is designed to scale and be fault tolerant by automatically failing over to healthy instances and reducing the likelihood of any issues being visible to the user.
The Meetly platform is designed to automatically failover to Synced and Redundant databases in the event of the failure of our Primary Databases.
Within 30 days of a written data deletion request by an authorized representative of the tenant company, we will remove user-related data from the DB. Backed up data will be rotated out of our archives within 30 days after deletion from the DB.
Decommissioning hardware is managed by our infrastructure provider using a process designed to prevent customer data exposure. AWS uses techniques outlined in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data.
For additional information see: https://aws.amazon.com/security
We take steps to protect the privacy of our customers and protect data stored within the platform. Some of the protections inherent to Meetly’s products include authentication, access controls, data transport encryption, HTTPS restrictions to our platform, and all customer data encrypted at rest. For additional information see: https://runmeetly.com/security
General Meetly staff do not access or interact with customer data or applications as part of normal operations. Our Meetly Customer Success (CS) team does review your data on your behalf at the request of the customer, for support purposes or where required by law. Customer data is access controlled and all access is restricted to the Meetly CS or Developer Team.
Meetly is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
If you think you may have found a security vulnerability within Meetly, please get in touch with our security team.
Sub-processors for the personal data we process on behalf of our customers.
Last Updated: January 16, 2019
1. PERSONAL INFORMATION WE COLLECT
We obtain Personal Information relating to you from various sources described below. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from our products and services if that information is necessary to provide you with them or if we are legally required to collect it. The information we collect includes:
Personal Information You Provide:
Website visitors. We may collect any Personal Information that website visitors voluntarily provide on our website. For example, we may ask you to provide your name, company, email address, phone number and job title to offer you a free trial of the Platform, to register you for webinars and events, or to enable you to download white papers and other materials.
Communications. If you contact us directly (e.g., via email, phone etc.) or fill out information on our website (e.g., to try our services for free, to ask a question via our online contact details, to create an account etc.), we collect your name, email address, phone, company, postal address, the content, date and time of your message and any attachments thereto, and other information you may directly provide to us.
Business contacts. We may receive professional contact details of employees and other individuals associated with our Customers, partners, and vendors, such as first and last name, email address, phone number, title and department, and other information relevant to the particular business relationship.
Personal Information Provided by Third Parties:
Other third parties. We may also obtain Personal Information about you from other third parties, such as business partners, marketing partners, and directory services, who may provide us with sales leads including professional contact information.
Personal Information Collected via Automated Means:
When you visit our website, use the Platform, open our emails, or otherwise interact with our products and services, we and our third-party partners, such as analytics providers, may collect information, including Personal Information about you, by automated means, such as cookies (a small text file containing a string of alphanumeric characters), web beacons, web server logs and similar technologies.
Device information. We collect device-specific information, like your phone or computer model, device identifier, and operating system. With your permission, Meetly may access and collect information from your device’s contact list and photo storage.
Log information. When you use our products and services, we automatically store some information in our server logs, including: system crashes, system activity, browser type, date and time, length of usage, details of how you interact with our products and services (e.g., how often you interact with a question), such as events or clicks, and IP address.
Analytics information. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for our products and services. We currently use Google Analytics cookies to collect and process certain website usage data. You can learn more about Google Analytics at www.google.com/policies/privacy/partners/ and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Opt out. You may be able to change browser settings to block and delete cookies. However, if you do that, you may not be able to benefit from certain features of our products and services.
2. HOW WE USE PERSONAL INFORMATION
Meetly uses your Personal Information for the purposes described below.
Providing our products and services. We use Personal Information to provide the Platform and related analytical reports and services, to operate our website and mobile application and to deliver other amazing products and services to you. We use Platform Users’ Personal Information to deliver the core functionality of Meetly, which includes collecting and analyzing questions, answers, comments, and votes on behalf of our Customers.
Analytics and product development. We and our service providers use Personal Information, such as your interactions with our products and services, including questions, answers, comments and votes, to monitor and analyze usage of, and to improve and enhance our products and services, for example by rearranging or adding and removing features or capabilities to help you use the product.
Communicating with you. We may use your Personal Information to communicate with you for customer service or technical-support purposes, or about topics or content that we think may interest you, such as special offers, updates about the latest developments or features of our products and services. Meetly may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
Tailored content. To provide you with tailored content and personalize your experience, for example by remembering your information so that you will not have to re-enter it the next time you use our products and services.
Advertising. We and our advertising partners may use your Personal Information, including your interactions with our products and services, to facilitate the delivery of advertisements.
Safety, security and compliance. We also use your Personal Information to comply with laws or to protect ourselves and others. For example, we might use Personal Information in investigating suspicious activity or violations of our Terms of Service, or to defend our legal rights.
If you are located in the European Economic Area, we only process your Personal Information based on a valid legal ground, including when:
Consent. You have consented to the use of your Personal Information, for example to send marketing communications, or to collect information via cookies and similar technologies.
Contract. We need your Personal Information to provide you with Meetly’s products and services, including for account registration or to respond to your inquiries.
Legitimate interest. We, or a third party, have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information for analytics and product development purposes, and otherwise to provide safety and security. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
3. HOW WE DISCLOSE PERSONAL INFORMATION
Meetly may disclose Personal Information about you in the following circumstances:
Service providers. We engage third-party business partners to perform functions and provide services to us, like Amazon for data storage. Those business partners will be given limited access to your Personal Information as is reasonably necessary to provide us with those services.
Marketing. We do not rent, sell, or share Personal Information about you with other people or unaffiliated companies for their direct marketing purposes, unless we have your permission.
Compliance with the law. We may retain and disclose your Personal Information if we believe that it is appropriate or necessary in order to (a) comply with applicable laws, including laws outside your country of residence, such as to comply with a subpoena, regulation or legal request, respond to a government request, including from authorities outside your country of residence; (c) to enforce our terms and conditions; (d) to address fraud or security issues, to protect the safety, rights or property of any person, (e) to protect our own rights, operations and property; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.
Business transfers. Your information may be transferred to a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings) as part of that transaction. We may take steps to notify you via email and/or a prominent notice on our website of any change in ownership.
Anonymized information. Should we need to share data about Meetly usage with third parties (such as investors or partners), we will aggregate it and strip it of all Personal Information.
4. INFORMATION SECURITY
We take steps to protect the Personal Information we collect in our systems from unauthorized access, alteration, disclosure or destruction. We use appropriate administrative, physical and electronic measures designed to protect your Personal Information. We also evaluate, test, and improve our security infrastructure and processes. Please refer to our security policy at https://www.runmeetly.com/security
5. RETENTION PERIODS
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrollment with our services, the impact on the services we provide to you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations.
6. CHILDREN’S PRIVACY
We do not knowingly collect, maintain, or use Personal Information from children under 13 years of age, and no part of Meetly is directed to children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us at email@example.com. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate the child’s account.
7. INTERNATIONAL DATA TRANSFERS
Your Personal Information may be transferred to computers located in California, or other states within the United States and thus outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those where you reside. By using Meetly’s website, you agree to this transfer to the United States and globally.
8. YOUR RIGHTS AND CHOICES
Update and correct Personal Information. If you would like to request that we update or correct any Personal Information that you have provided to us through your use of our products and services, please send us an email at firstname.lastname@example.org.
European data protection rights. If you are located in the European Economic Area, you may have additional rights, including the right to:
1. Request access to and receive information about the Personal Information we maintain about you; update and correct inaccuracies in your Personal Information; restrict or object to the processing of your Personal Information; have the information anonymized or deleted, as appropriate; and to easily transfer your Personal Information to another company (data portability);
2. Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge (we will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal); and
3. Lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
These rights may be limited in some circumstances by local law requirements. You may exercise these rights by contacting us as indicated below.
THIRD PARTY LINKS
Lake Forest, CA 92618