DCDial is PCI-DSS certified. The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. Certification confirms that we:

• Build and maintain a secure network and systems
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

For more information on PCI DSS, please visit pcisecuritystandards.org

As part of DCDial operations, it is needed to obtain and process information. This information includes any offline or online data that makes a person identifiable (PII) such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, credit card numbers, financial data, phone numbers, etc.

Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, we make sure it is not misused.

Data we protect will be:

• Accurate and kept up-to-date
• Collected fairly and for lawful purposes only
• Processed by the company within its legal and moral boundaries
• Protected against any unauthorized or illegal access by internal or external parties

Data we protect will not be:

• Communicated informally
• Stored for more than a specified amount of time
• Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

DCDial’s customer’s are owners of their data. Customers can download contact lists, reports and other important records at any time in CSV or PDF format.

In addition to ways of handling the data, DCDial has direct obligations towards people to whom the data belongs. Specifically we will:

• Let people know which of their data is collected
• Inform people about how we’ll process their data
• Inform people about who has access to their information
• Have provisions in cases of lost, corrupted or compromised data
• Allow people to request that we modify, erase, reduce or correct data contained in our databases

DCDial follows best practices while designing its cloud based infrastructure and security processes and procedures.

• All users are trained and required to follow internal security policies which includes keeping their endpoint devices up to date with security patches and latest antivirus updates.
• Our infrastructure is protected by VPN access, firewalls, malware protection tools, etc.
• Our infrastructure is updated and patched on regular basis.
• Our infrastructure is monitored 24/7/365.
• Our critical servers are backed up periodically.
• Connection to internal environment requires Multi-factor authentication.
• Subset of internal users have access to database where customer’s data is stored.
• Customers can only access their portion of data using web or mobile interface.
• Database is stored on an encrypted volume.
• Customer’s data is being kept in internal database hosted in our environment.
• Customer’s data is being kept for a specific period of time or until customer stops using DCDial’s service.
• Procedure for reporting privacy breaches or data misuse have been established.