Data Security and Protection
We lock up your data by complying with:
• U.S. Commerce Department’s National Institute of Standards and Technology (NIST) cybersecurity framework
• European Union’s General Data Protection Regulation (GDPR)
• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
• Various USA state laws and regulations
Privacy and Confidentiality
RudiCoder LLC (“RudiCoder”, “we”, or “us”) provides web-based automation applications and other services (“Services”) for merchants, food and liquor producers, shippers and fulfillment services, and related persons and companies (“Subscribers”, or “you”).
RudiCoder keeps the information, electronic files, and other data that any Subscriber provides to RudiCoder (“Subscriber Information”) strictly private and confidential.
With respect to customers of a Subscriber, the Subscriber Information includes the customer’s name, address, email address, telephone number, and order information (“Customer Information”). RudiCoder only obtains, processes, and stores Customer Information for customers whose address indicates they are located in the United States of America. RudiCoder does not obtain, process, or store any other Customer Information.
RudiCoder does not and shall not review or examine any Subscriber Information without express permission from Subscriber.
RudiCoder does not and shall not transfer, sell, share, or otherwise reveal any Subscriber Information (including any Customer Information) with or to any person or entity, for any purpose whatsoever, except as necessary to perform the Services for Subscriber, except as necessary to comply with an express direction from Subscriber, and/or except to comply with any applicable law(s), court order(s), or subpoena(s).
For example, with respect to customers of a Subscriber, the Customer Information will be transmitted to and shared with the United States of America’s Food and Drug Administration (“FDA”) through its “Prior Notice System Interface”, but only to the extent required by the FDA and related laws and regulations. This is essential to perform the Services for Subscriber.
You can do the following at any time by contacting us at the mailing address, email address, or phone number provided below:
» Opt out of future contacts from us
» See what data we have about you, if any
» Change or correct any data we have about you
» Have us delete any data we have about you
» Express any concern you have about our use of your data.
ATTN: Chief Information Security Officer (CISO)
105 W. Madison Street
Suite 603 East
Chicago, Illinois 60602
Tel/Fax +1 (844) 464-6282
For additional information and details, please see our Terms of Service.
Data Security Overview
Our apps are secure by design — from the ground up. And we keep things that way, throughout the development, implementation, updating, and maintenance cycles.
Like most quality online systems, all of your data with all of our applications is encrypted both “in transit” and “at rest.”
In other words, all transmissions to and from our apps, and all items stored in our apps, are all encrypted using at least 256-bit SSL certificates, providing strong “bank-grade” security.
Cybersecurity, data protection, and privacy are integral parts of our software design, engineering, development, updating, and maintenance functions.
For example, as to all of our applications, we comply with the NIST’s Framework for Improving Critical Infrastructure Cybersecurity and Special Publication 800-171.
We also comply with various USA state laws relating to data protection and privacy, as well as the European Union’s GDPR and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
More specifically, as to all of our applications, we provide at least the following features and maintain at least the following processes and procedures:
• Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; and
• Establish and enforce security configuration settings for information technology products employed in organizational systems; and
• Track, review, approve or disapprove, and audit changes to systems; and
• Analyze the security impact of changes prior to implementation; and
• Establish, implement, and enforce physical and logical access restrictions associated with changes to systems; and
• Employ the principle of least functionality by configuring systems to provide only essential capabilities; and
• Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services; and
• Apply deny-by-exception (blacklisting) policies to prevent unauthorized access, or deny-all, permit-by-exception (whitelisting) policies to allow only authorized access; and
• Control and monitor any software that RudiCoder makes available for local installation by its customers and its customers’ users (“Subscribers”); and
• Limit information system access to authorized Subscribers, internal users, and related processes, with additional limitations on access to more sensitive data (Role Based Access Controls); and
• Limit unsuccessful logon attempts; and
• Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity; and
• Automatically terminate user sessions after defined conditions; and
• Limit the transmission and storage of Subscriber data to only necessary processes; and
• Limit the retention and storage of Subscriber data to only 30 calendar days; and
• Encrypt all data in transit and at rest; and
• Establish capabilities and systems to allow current and former Subscribers to obtain confirmation regarding whether or not data concerning them is being processed or used by RudiCoder, and if so where and for what purpose; and
• Establish capabilities and systems to allow Subscribers to obtain a copy of their data, free of charge, in a commonly used and machine readable electronic format; and
• Establish capabilities and systems to allow Subscribers to easily delete and permanently erase their data; and
• Establish capabilities and systems to allow Subscribers to easily change, correct, and update their data; and
• Ensure that all internal users are properly trained (Awareness and Training); and
• Create, retain, and maintain information system audit records (Audit and Accountability Controls); and
• Establish, maintain, and enforce baseline configurations and inventories of systems (Configuration Management Controls); and
• Identify and authenticate internal users, processes, or devices, as a prerequisite to allowing access to systems (Identification and Authentication Controls); and
• Provide multi-factor authentication options for all Subscribers; and
• Enforce a minimum password complexity and change of characters when new passwords are created; and
• Obscure feedback of authentication information; and
• Store and transmit only cryptographically-protected passwords; and
• Establish, implement, and maintain incident-handling capabilities and systems that include preparation, detection, analysis, containment, recovery, and Subscriber response activities (Incident Response Processes); and
• Establish, implement, and maintain capabilities and systems to track, document, and report incidents to affected Subscribers, designated officials, and/or authorities both internal and external to the organization; and
• Establish, implement, and maintain appropriate maintenance and updating on all information systems (Maintenance Processes); and
• Protect, secure and ensure the proper destruction of all media containing Subscriber data (Media Protection Controls); and
• Screen internal users prior to authorizing access (Personnel Security Controls); and
• Ensure that all systems containing Subscriber data and/or sensitive systems information are protected during and after personnel actions such as terminations and transfers; and
• Limit and secure physical access to systems (Physical Protection Controls); and
• Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of Subscriber data and/or sensitive systems information (Risk Assessment Processes); and
• Regularly scan for vulnerabilities in organizational systems and applications; and
• Remediate vulnerabilities immediately; and
• Periodically assess security controls and implement action plans (Security Assessment Processes); and
• Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems (System and Communications Protection Controls); and
• Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems; and
• Separate Subscriber and internal user functionality from system management functionality; and
• Prevent unauthorized and unintended information transfer via shared system resources; and
• Identify, report, and correct information flaws in a timely manner (System and Information Integrity Requirement).