Security, Privacy and Data Protection
Your Data is Safe and Secure
How do we help secure your member records and other data? How do we secure your online payments? What do we do with your data? Who owns your data? Will Wild Apricot be around for the long haul? What kind of processes and procedures are used to ensure security?
How do we help secure your member records and other data?
To ensure security and privacy of your data, Wild Apricot provides traffic encryption (https) capability. Traffic encryption ensures that data entered into the online forms (e.g. membership application, event registration) as well as data transferred from Wild Apricot servers back to visitors is protected from snooping, for example if you access internet over an insecure WiFi connection.
For more information, visit our on help page on traffic encryption.
How do we secure online payments?
The major credit card issuers created PCI (Payment Card Industry) compliance standards. These are stringent standards to protect personal information and ensure security for online payment transactions. Here’s our PCI compliance certificate.
As part of our PCI compliance, our payment processing systems are scanned regularly by Trustwave, a recognized 3rd party tester, according to PCI requirements.
A certificate confirming compliance is issued every 3 months. Here is our current scan certificate.
What do we with your data?
Short answer: we only use your data for running your Wild Apricot account. Period.
Our business model is very simple - our revenue comes from paid accounts subscription plus a (very small) chunk from ads displayed on websites of free accounts. We do not sell or share any personal information about you or your members to any outside organization/partners/advertisers.
Who owns the data?
We do not hold your data hostage. You can download all your contacts/member data at any time in a Microsoft Excel-compatible format. (Same for other important records like event registrations, financial transactions etc.)
For instructions on how to download your data, see Exporting members and other contacts.
Will Wild Apricot be around for the the long haul?
Wild Apricot isn't going anywhere - and neither is your data!
Our company is headquartered in Toronto and has been around since 2001. Wild Apricot software was launched in 2006 (and is the only thing that we do these days).
Wild Apricot Inc. has been Better Business Bureau Accredited since 2006. Please check out our current BBB Reliability Report.
We invest heavily into R&D to maintain the reliability of our software and constantly improve it - see our release history. 40% of our revenue is invested into R&D, and our development team consists of over 50 people. We also invest heavily in technology infrastructure to help make sure you have fast, reliable access to your Wild Apricot account at all times.
Wild Apricot has passed a number of strict Microsoft platform tests. Testing was conducted independently by VeriTest, a testing service of Lionbridge Technologies. These tests ensure compliance with Microsoft platform requirements to ensure security and reliability.
As of the beginning of 2014, Wild Apricot has more than 6,700 paid customers, as well as thousands more using the free versions of our system.
What kind of processes and procedures are used to ensure security?
Wild Apricot's main data center is running on an enterprise hosting platform by CBeyond (formerly MaximumASP) in Louisville, Kentucky. Established in 2000, CBeyond is a well-respected and secure provider of hosting for 'cloud' applications like Wild Apricot.
Wild Apricot payment systems use even higher and more expensive grade of hosting at FireHost, the leader in secure cloud hosting, capable of protecting sensitive data and brand reputations of the world's enterprises. We have two services in Dallas, Texas and Phoenix, Arizona available in the case of a disaster.
The data center where Wild Apricot is hosted is audited to the SAS 70 industry standard, which verifies the use of state-of-the-art physical security and disaster protection. This includes:
Wild Apricot is hosted within CBeyond's fully managed infrastructure, which includes world-class:
- Network and Performance Management - to make sure Wild Apricot is always as fast and reliable as possible
- Data Backup and Security Management - to make sure your data never gets lost or stolen
- Monitoring and Reporting - to help us troubleshoot problems and ensure speedy performance
In addition to the services managed by CBeyond, here is an outline of Wild Apricot's own back-up and testing procedures:
- All Wild Apricot customer data is fully backed-up nightly to the Amazon S3 datastore
- We have 24/7 infrastructure monitoring of all our customer sites (meaning that if something fails, we immediately get notified by email and SMS)
- We regularly test our disaster recovery procedures to make sure we can recover data quickly in the event of a problem
- Symantec enterprise-strength anti-virus software runs on all our servers
- Our database reliability is ensured by SQL server failover clustering solution
- File-based storage relies on Dell Compellent Storage Center SAN disks
Our software development process includes security testing phase and detailed checklists.