CirrusLS contracts with Microsoft as its licensor of the MS Azure for data storage and security. As Client is a sub-licensor of MS Azure, liability for breaches to Client data processed or stored on MS Azure is specifically limited to the terms of the Microsoft MS Azure service and SLA policies, and as set forth in the CirrusLS Service Agreement.
Microsoft regards personal information as private and will take reasonable and customary measures to appropriately handle personally identifiable information. Microsoft (including, for this purpose, all of their U.S. subsidiaries) is Safe Harbor certified with the U.S. Department of Commerce. This allows for legal transfer of data to Microsoft for processing from within European Union and countries with aligned data protection laws. The MS Azure platform, like other Microsoft services and products, is built in accordance with Microsoft Trustworthy Computing Initiative’s privacy guidelines.
A “Device” is any computer used to access the Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
“Files” are Client uploaded files containing its customers’ information that are transmitted through and stored with the Services on the MS Azure Cloud Platform.
“Log Data” is information regarding the Device used for Client’s access of Services at which time of access the Client activity is automatically collected and stored. Log Data may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before the CirrusLS website was accessed, information searched for on the CirrusLS website, locale preferences, identification numbers associated with Devices, mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning Files accessed, and other interactions with the Service. For the convenience and security of Clients, portions of Log Data are made available with the “Reports” feature of the Services as an “Activity Log”, as organized into three categories: User, Loan, Feature.
“Client Data” includes Files and Client’s customers’ information or other data transmitted and stored in or through the Services, and as set forth in the terms of Service Agreement.
“Client Information” includes information provided by Client when registering an account for Services, such as name, phone number, credit card or other billing information, email address and home and business postal addresses. Client Information also includes Log Data.
“SSE” is the sleep state encryption techniques performed on Client Data by CirrusLS as it resides in the MS Azure cloud platform.
Information Provided by Client. When Client registers an account for Web Services, some personal information is collected by CirrusLS, such as name, phone number, credit card or other billing information, email address and home and business postal addresses. Client may also request that CirrusLS import documents by giving access to Client’s third party services (for example, a database). Client may also provide CirrusLS with its contacts’ email addresses when sharing folders or files with them. CirrusLS may also receive Personal Information (for example, Clients’ or its customers’ email address(es)) through other users, for example if they have tried to share something with Client or tried to refer CirrusLS. Such information provided by Client is treated by CirrusLS as proprietary to Client, and as Confidential Information pursuant to the terms of CirrusLS Service Agreement.
CirrusLS Added Encryption. Client Data is encrypted at all times with CirrusLS SSE as it resides in the MS Azure cloud platform. In the event of physical compromise of the MS Azure cloud environment containing Client Data the internal or external sources of the file system containing the encrypted Client Data will not be in clear text and therefore will be unusable by an intruder. The SSE incorporates GUID (globally unique identifier), for unique reference and identification of Client Data, through implementation of the UUID (universally unique identifier) standard. By obscuring folder and file names with GUID and implementing encryption techniques on Files the directory structure becomes undecipherable and offers an improved level of protection to Clients. Through the utilization of this technique, Files are unreadable outside of the application by any user – inclusive of internal CirrusLS employees.
CirrusLS Access to Client Data and Client Information. Because Client Data is encrypted by CirrusLS’ SSE, CirrusLS, including its employees and contractors, does not have direct access to Client Data in the normal course of operations. Client Data and Client Information is treated by CirrusLS as Confidential Information pursuant to the terms of CirrusLS Service Agreement.
Microsoft Operations Access to Client Data. The MS Azure platform is designed to be run without routine access to Client Data by Microsoft personnel. Because Client Data is encrypted by CirrusLS’ SSE, Microsoft, including its employees and contractors, does not have direct access to Client Data.
For information about specific data handling and privacy practices on the MS Azure platform, please contact Cirrus Lending Services, Inc. at Support@CirrusLS.com.