Privacy Policy

OUR COMMITMENT TO PRIVACY

Aid For Good is committed to maintaining the confidentiality, integrity, and security of personal information about our current and prospective customers. In this policy personal information means information about an individual that is collected or maintained for counseling purposes and by which the individual can be identified. The privacy policies of Aid For Good are reviewed annually. Our printed and online notices are then updated to reflect any changes.

PRIVACY POLICY

How and why we obtain personal information Aid For Good takes great care to protect personal information about our clients, and when we use it, we do so with respect for your privacy. We may use personal information about you to service, maintain, and protect your account; respond to inquiries from you or your parent or guardian; develop, offer, and deliver counseling products and services; or to fulfill legal requirements. PulseLogs (our healthcare tool, which applies to PulseLogs clients only) may collect public and non-public personal information about you from any of the following sources:

• You or your parent or guardian creating a user profile (for example, first name, last name, address, phone, and email, full face photographic images and any comparable images, etc.)
• You or your parent or guardian filling out Intake forms (for example, name, address, birth date, marital status, email, fax and phone numbers, payment and billing information, signature, etc.)
• Other forms you or your parent or guardian may fill out in your account (for example, various Client Intakes, Consent Forms, Release of Information)
• Other interactions with our healthcare clients (for example, calls to schedule appointments or discussions with administrative staff, information you enter into our websites, when you enroll in our authentication services, filling out support tickets, etc.)
• You or your parent or guardian regarding your preferences (for example, the screen layout you specify if you use our Internet sites)
• Other documents uploaded and attached with your or your parent or guardian’s consent (for example, from other institutions or counselors)
• User activity logs to troubleshoot our apps functionality and to provide IT support (for example, account numbers, device identifiers and serial numbers, Web Universal Resource Locators (URLs), Internet Protocol (IP) address numbers, and any other unique identifying number, characteristic, or code)
• Data Backups and Archives
• Restored Data

Please note that information by which you cannot be identified (for example, anonymous or aggregated information) is not considered personal information and therefore is not subject to this privacy policy.

How we protect information about you

Aid For Good considers the protection of personal information to be a foundation of customer trust and a sound business practice. We employ physical, electronic and procedural controls and we regularly adapt these controls to respond to changing requirements and advances in technology.Aid For Good restricts access to personal information to those who require it to develop, support, offer and deliver products and services to you.

How we share information about you with third parties

Aid For Good does not share or sell personal information about customers of our various tools with unaffiliated third parties. We may share personal information with the following entities:

• Unaffiliated service providers (for example, server hosting, and other entities who may provide services at our clients’ direction)
• Government agencies, other regulatory bodies and law enforcement officials as permitted or required by law (for example, to respond to a subpoena)
• Other third-parties, with your consent or as directed by your parent or guardian (for example, if you choose to fill out a Release of Information form)

Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide specified services requested by clients.

Your digital privacy

It is the policy of Aid For Good to ensure that your information is protected from misuse, loss, tampering, or use by unauthorized persons. This policy addresses the safeguarding of your information received, created, used, maintained, and/or transmitted via the communication mediums to authorized parties such as counselors, database administrators, and whoever you so specify in your Release of Information forms, etc. Verification of identity is attained prior to release of any information in compliance with Aid For Good Policy. Transmission of your information over Aid For Good’s own network is managed with internal controls such as unique User ID and Password authentication.Aid For Good utilizes a high security grade server that encrypts all of the data as it is entered as well as when it is at rest. We use firewall barriers, encryption techniques, and authentication procedures, among other controls, to maintain the security of your online session and to protect Aid For Good accounts and systems from unauthorized access. Our HIPAA-compliant servers’ security measures used for PulseLogs protect as much information as possible from malicious attackers through:

a. Electronic data protection:

1. Cisco firewall
2. ClamAV antivirus
3. Encrypted Drives for Data Encryption At-Rest
4. Threat Stack Oversight Intrusion Detection System
5. Safe Harbor Compliant
6. Guardian backups for databases, or specific files and folders so no data is lost
7. 24/7/365 server monitoring service
8. In-house technicians are immediately alerted if a particular port or service goes down on the server.
9. Technicians further investigate the cause of the downed service right away to potentially identify greater threats at the first sign of trouble.
10. Server monitoring keeps an eye on services such as HTTP, FTP, and mail to ensure servers are working as intended.

b. Physical data protection (in server farm):

1. Off-site servers
2. Data Center Physical System Security
3. 24/7/365 Manned Facility
4. Closed Circuit TV Security Cameras
5. Monitored 24/7/365 by 3rd Party Security Company
6. Site Entrance Controlled by Electronic Perimeter Access Card System
7. Data Centers Privately Owned and Operated
8. Durable, Poured Concrete External Walls
9. Disaster Neutral Geographic Locations
10. Advanced Fire Prevention Infrastructure
11. Dry Pipe Preaction, Double Interlock System
12. NFPA 13 Compliant
13. Office Space Separate from Data Center Space
14. Advanced Proximity Credentials Required to Access Data Center
15. All Employees Receive Full Background Check
16. Secured Server Cabinets Included
17. Component Level Redundancy Available for Hard Drives
18. Hot and Cold Spare On-site Servers Available

Our service providers are obligated to keep the personal information we share with them confidential and use it only to provide specified services requested by clients.

Cookies and similar technologies

Aid For Good may use cookies and similar technologies to support the operation of our digital toolsets. Cookies are small amounts of data that a website or online service exchanges with a web browser or application on a visitor’s device (for example, computer, tablet, or mobile phone). Cookies help us to collect information about users of our digital toolsets, including date and time of visits, pages viewed, amount of time spent using our digital offerings, or general information about the device used to access our digital offerings. Aid For Good cookies are also used for security purposes and to personalize your experience, such as customizing your screen layout.You can refuse or delete cookies. Most browsers and mobile devices offer their own settings to manage cookies. If you refuse a cookie, or if you delete cookies from your device, you may experience some inconvenience in your use of our digital offerings. For example, you may not be able to sign in and access your account, or we may not be able to recognize you, your device, or your online preferences.

DATA RETENTION POLICY

SOC 2 Type 2 Compliance for Active and Retained Data
The Aid For Good platform and infrastructure is built on Microsoft Azure and utilizes Microsoft as it’s cloud service provider (CSP). Microsoft CSP and data centers are SOC 2 Type 2 compliant as conducted by third-party CPA firms. This ensures all active and archive data stored by Aid For Good meets, or exceeds, the minimum requirements deemed for System and Organization Controls (SOC) for Service Organizations as outlined by AICPA. The Microsoft Azure infrastructure utilized by Aid For Good meets and/or exceeds the following attestations:

• SSAE No. 18 Attestation Standards
• SOC 2 Reporting Attestation
• TSP section 100, 2017

Moreover, the Microsoft Azure SOC 2 Type 2 attestation report addresses the requirements set forth in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and the Cloud Computing Compliance Criteria Catalouge (C5:2020) created by the German Federal Office for Information Security (BSI). You may review the Azure compliance offerings here:
https://docs.microsoft.com/en-us/azure/compliance/offerings/offering-csa-star-attestation
https://docs.microsoft.com/en-us/azure/compliance/offerings/offering-germany-c5

Payment Card Industry (PCI) Data Security Standard (DSS)

Aid For Good utilizes PCI DSS compliant vendors/gateway for payment processing and authorization. Aid For Good does not store data related to payment other than card holder name, address, and transaction ID. All other payment data, if stored, is done so at the request of the card holder and stored with the vendor/gateway provider as outlined by PCI DSS requirements.

Data Retention Policy

Aid For Good only retains active data for subscribed clients and only data necessary to effectively conduct its activities and work in fulfillment of its mission.Aid For Good strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is fully deleted when no longer required. This policy sets forth Aid For Good’s guidelines on data retention as consistently applied throughout our organization.

Scope

This policy covers all data collected by Aid For Good and stored on Aid For Good owned or leased systems and media, regardless of location, as it applies to data collected and held electronically.

Reasons for Data Retention

Aid For Good retains data that is necessary to effectively conduct its activities, fulfil its mission, and comply with applicable laws and regulations.Reasons for data retention include:

• Providing an ongoing service to customer
• Compliance with applicable laws and regulations associated with financial and programmatic reporting by Aid For Good to its funding agencies and other donors
• Security incident or other investigation
• Intellectual property preservation
• Litigation

Moreover, the Microsoft Azure SOC 2 Type 2 attestation report addresses the requirements set forth in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and the Cloud Computing Compliance Criteria Catalouge (C5:2020) created by the German Federal Office for Information Security (BSI). You may review the Azure compliance offerings here:

Data Duplication

Aid For Good seeks to avoid duplication in data storage whenever possible, however, there may be instances in which, for programmatic or other business reasons, it is necessary for data to be held in more than one place. This policy applies to all data in Aid For Good’s possession, including duplicate copies of data.

Data Destruction

Data destruction ensures that Aid For Good manages the data it controls and processes in an efficient and responsible manner. When the retention period for the data as outlined above expires, Aid For Good will actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by Aid For Good’s data protection officer, or equivalent level executive member, in consultation with legal counsel prohibiting the destruction of certain documents and/or data records. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.

Client Separation

If you are a former customer, these policies also apply to you; we treat your information with the same care as we do information about current customers.In the event that a Aid For Good client elects to discontinue or otherwise unsubscribe from actively utilizing the Aid For Good platform and infrastructure the client reserves the right to request any files and data records be destroyed. This request must be made official in writing acknowledging all active data related to the client’s account will be destroyed.

Data Backups and Archives

Data which is part of backup and/or archives will remain as such until the outlined retention period as outlined above expires. This is necessary to preserve the integrity of the backup/archive.

Restored Data

In the event that data must be restored from a backup or archive the data and records associated with the client will again be removed from active storage.