Database Security
Transparency
Predictions and NextAO, like many other SaaS platforms, are hosted on a third-party platform. This allows us to focus on your tools' value, while a partner organization is laser-focused on the security of your data. Our commitment to you is to keep your information as secure as possible. This commitment is prioritized above all else. We do not trade convenience for proper information security.
Encryption
Your data is encrypted at rest and in transit, with bank-level encryption (SHA-256 and AES-256).
This means the information appears gibberish to anyone who does not have the decryption key. Even the AWS servers where your data is securely stored cannot access any of your information without the encryption key that resides in your account. Only authorized parties (you and your organization) can view your information.
Passwords
Your password is encrypted, salted, and never stored in our database in a readable or unencrypted format. You are responsible for choosing a strong password and keeping it secret. Two-factor authentication is available to all our customers, and we strongly recommend enabling it on your account for extra protection.
Backups
Your information is backed up across multiple servers and locations (still encrypted). This provides you with redundancy and information integrity should a disaster strike. Many think it is a good idea to build expensive server rooms to consolidate information into a single location. If that location is ever compromised by bad actors, a natural disaster, or just a mistake, your information is gone. We employ active backups that allow your information to be restored quickly if you lose it, and archives that store information long-term. We also provide the ability to export your critical data to spreadsheets, as well as customer service personnel who can assist you.
To request backups, contact us through the support form in the database.
Redundancy
We never rely on one single point of failure when it comes to your data. If a database goes down, we have others that are activated immediately, providing a seamless transition that you likely will not notice. We also store critical data in physical, offline, and secure locations, still encrypted as promised in our commitment to you.
Infrastructure
Your data is stored on Amazon Web Services (AWS) servers. Most commercial and government organizations store information on either Azure (Microsoft) or AWS (Amazon) servers. These organizations cannot view your data because they do not possess the encryption key needed to either encrypt or decrypt it. If anyone were ever to find a way to look at your data, it would look like random numbers, letters, and characters, still encrypted with SHA-256 and AES-256, bank-level encryption.
Because we use AWS as our storage provider, you gain access to state-of-the-art security and compliance standards and tools that Fortune 500 companies and even governments trust to maintain data integrity. AWS is continuously audited and accredited by various organizations worldwide. AWS mitigates DDoS attacks through its robust platforms and built-in tools that can stop most attacks, and it can recover quickly should an attack be successful.
AWS is considered the industry leader in cloud services.
Our third-party provider (Knack) undergoes an annual audit by a third party to attest to higher security standards and practices as a SOC 2 Type II certified provider.
Knack employs firewalls to protect every virtual server, database, and load balancer, ensuring that only authorized traffic can access them.
Privacy Policies
We maintain a privacy policy that is updated and reviewed consistently to comply with industry standards and best practices. You can view our policy here and our third-party provider's here.
You own your data and are responsible for maintaining it. We do not own it, nor can we view it without your organization's permission. The only reason for Morton Executive Decisions (Predictions and NextAO’s parent company) to view your data would be to advise, at your request, on a specific task. This would require a consulting agreement, non-disclosure agreement, and scope of work agreement.
We may also need to make updates to Predictions and NextAO, which would require limited IT staff to have access to your records. These trusted staff are required to sign confidentiality and non-disclosure documents and are limited to 1-2 senior-level managers at Morton Executive Decisions. Even with the need to access your data, they would have no reason to view it, as fictitious test accounts are set up to make updates and add features to Predictions. All logins, views, and changes are time- and date-stamped and tracked for reference.
Any third-party vendors that you share information with do not fall under our privacy policy or terms of service. It is essential to know that anything you share with vendors through Predictions would fall under your own organization’s service terms.
Access Policies
A secure virtual private network governs all access to customer data by our third-party provider's employees. This access is monitored and can be revoked at any time, so even a stolen laptop presents no privacy risks. Knack engineers work in a development environment completely separated from live data. This way, no bugs or errors have even the slightest chance of affecting your data. Every access request to your data by a Knack employee is logged and time-stamped. We can confirm exact access by the Knack team to any data in the unlikely case that this log is needed.
Team Policies
Morton Executive Decisions and Knack employees sign non-disclosure and confidentiality agreements that provide legal backing for our obligation to keep your data private and confidential. All employees are provided with data security and standards training to ensure they employ best practices and mitigate the risk of errors. Morton Executive Decisions and Knack employees may need to access your data for support services. We only do this at your request and when necessary to resolve the issue to your satisfaction.
Features
In addition to our internal standards and policies regarding information security, we also provide you with the tools to ensure your organization can protect its data. We do this by implementing two-factor authentication and password requirements. We also use roles and permissions that you can control to restrict access to what is necessary, based on your team's need to know. We can, at your request and with an enterprise account, integrate your Active Directory or LDAP users for Single Sign-On to limit access to your established users.
All passwords are double-encrypted and hashed with a salt, which prevents dictionary attacks and adds extra security to your login.
We also track all changes to any records with a timestamp to ensure compliance.
We welcome the opportunity to allow your organization to audit our security measures and are confident that we are providing a level of security well above industry standards. Please contact us at info@predictprotection.com with any concerns or questions regarding the security of your data.

