Security Center

Your Source For Our Latest Security & System Information

Customer Security Responsibilities

SAFEGUARD PASSWORDS

Keep your user passwords safe by following these tips.

  • Use a strong password that is difficult for others to guess, and avoid birthdays, names, and pets’ names. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become “1W2CtPo”.
  • Use more symbols and numbers in passwords. The reality is that longer, more complex logins are harder to breach.
  • Never write down your password or share it with others.
  • Never provide your BotDoc account login or password, credit card number, or other personal information via email or to unknown parties.

Note: BotDoc will never ask you for your password.

Exercise caution using public computers (coffee shops, library, airport, hotel): Public web browsers can cache personal data and store login details. Always log off of web sites and clear the browser cache to protect your personal information, passwords, and accounts.

SAFELY DISPOSE OF PERSONAL INFORMATION

Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.

Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.

AVOID PHISHING EMAILS

Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.

READ PRIVACY POLICIES

Yes, they can be long and complex, but they tell you how the site maintains accuracy, access, security, and control of the personal information it collects, how it uses the information, and whether it provides information to third parties.


REPORT ISSUES

System failures, suspected breach, or general incident

If you are experiencing a system failure, suspect some type of technical incident or breach, or have a general issue, please contact us at support@botdoc.io or click “Chat with us”.

Suspicious Emails

If you believe you may have received a fake email, forward the entire email – including the header information – to us at: support@botdoc.io, then delete it from your mailbox.

Security Incidents/Breach

If you find or suspect a security incident, please report this to us at: support@botdoc.io


SECURITY ASSURANCE

Key Security Features

Security is part us, and part you. That’s why we’ve developed best practices for securing your Botdoc-powered applications.

Data Encryption

Files are encrypted in transit (only strong cipher suites) and at rest (AES-256).

Authentication

Two-factor authentication with RSA, SecurID or a digital certificate as well as Active Directory integration.

Network Security

Dual redundant firewalls, network IPS, layer 7 IPS, DoS prevention, and penetration tests.

Access Controls

Access rights, permissions, and ethical walls based on users and groups.

ISO 27002:2013 & ISO/IEC 27017:2015

Botdoc is ISO 27002:2013 certified through MS Azure. This is the highest level of global information security assurance available today, and provides customers assurance that Botdoc meets stringent international standards on security. ISO/IEC 27017:2015 certification follows an international standard that aligns with and complements ISO/IEC 27002:2013, with an emphasis on cloud-specific threats and risks.

Application Security

Static and dynamic application scans, comprehensive logging, and adherence to programming best practices (OWASP Top Ten, etc.).

Service Organization Controls (SOC)

Annual Type 2 SOC 2 and SOC 2+ audits based on standards set by the AICPA.

PCI DSS

Botdoc maintains compliance with the current version of the PCI Data Security Standard (DSS) to ensure safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), Botdoc places stringent controls around cardholder data as both a service provider and merchant.

HIPAA Compliant

Full compliance with the Health Insurance Portability and Accountability Act of 1996 for privacy, security, and breach notification rules for data storage.

Privacy Shield Certified

BotDoc complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

FERPA Compliant

Compliant with the US Department of Education regarding data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of student data.

GDPR Compliant

Compliant with processing and holding the personal data of subjects residing in the EU.


Updates and Alerts

Routine maintenance, new features, fixes, updates and other important announcements!

(For best results please clear your browser history/cache after updates)


Botdoc APP Planned Maintenance Outage/Updates May 8, 2019

On Wednesday, May 8 at 3am MST there will be scheduled down time to perform upgrades to Botdoc. We anticipate this planned outage will take approximately 1 hour to perform.

We’re adding some BIG features to Botdoc’s platform, which include:

  • Copy and Paste multiple emails and mobile numbers to Requests
  • Push/Pull language added to the Dashboard
  • 2 Factor Authorization upgrades
  • Privacy Policy Update

Click here to view Botdoc’s new Privacy Policy.   If you do not agree to the new Privacy Policy, please do not use our website, mobile apps or online services after May 8th, 2019.  Your continued use of our website, mobile apps or online services is your consent to the new Privacy Policy.  

Affected Product/Service: Botdoc Interface

Expected Behavior:
Botdoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:
Botdoc has received great feedback from its USERS; therefore, our team is expanding NEW features to our clients. These new updates and features expand capabilities, providing more advancements to our users regarding secure transport of data between two points.

We appreciate your patience and understanding. If you have any questions or concerns, you can reach us at support@botdoc.io

Thanks,
Botdoc Team


Botdoc API Planned Maintenance – March 6, 2019

On Wednesday, March 6 at Midnight MST there will be scheduled down time to perform upgrades to Botdoc API. We anticipate this planned outage will take approximately 1 hour to perform.

We’re adding some BIG features to Botdoc’s API Developers platform, which include:

  • New endpoint for media integrity check (implementation details in the documentation)
  • Increased length and security of the URL short code
  • Changed password rules to follow strong password methodologies
  • Improvements in the dashboard white label layout
  • Bug fixes

Affected Product/Service: Botdoc API Sandbox and API Production Interface

Expected Behavior:
Botdoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:
Botdoc is expanding NEW features to our developers. These new updates and features expand capabilities providing more advancements to our developers regarding secure transport of data between two points.
We appreciate your patience and understanding. If you have any questions or concerns you can reach us on Slack at https://botdoc.io/slack/

Thanks,
Botdoc API Team


BotDoc Planned Maintenance Outage/Updates Dec 23 2018

On Friday, November 23rd at 9pm EST there will be scheduled down time to perform upgrades to Botdoc. We anticipate this planned outage will take approximately 1 hour to perform.

Affected Product/Service: Botdoc Interface

Expected Behavior:

Botdoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:

Botdoc has received great feedback from its USERS; therefore, our team is expanding NEW features and upgrades to our clients. These new updates and features expand capabilities, providing more advancements to our users regarding secure transport of data between two points.

We appreciate your patience and understanding.  If you have any questions or concerns you can reach us at support@botdoc.io

Thanks,

Botdoc Team


08/20/2017 BotDoc Planned Maintenance Outage/Updates

On Monday, August 20th at 9am UTC (7 ET, 6 CT, 5 MT, 4 PT) there will be scheduled down time to perform upgrades to Botdoc.  We anticipate this planned outage will take approximately 1 hour to perform.

We’re adding some BIG features to Botdoc’s platform, which include:

  • Mobile and Office phone now available on virtual business card snapshot on completed Requests
  • Re-send button available on Requests and Sends
  • Stop/Kill button on Sends
  • Enhancements of large file size downloads
  • Drag-and-Drop feature for uploads (grab multiple files at once)

Affected Product/Service: Botdoc Interface

Expected Behavior:

Botdoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:

Botdoc has received great feedback from its USERS; therefore, our team is expanding NEW features to our clients. These new updates and features expand capabilities, providing more advancements to our users regarding secure transport of data between two points.

We appreciate your patience and understanding.  If you have any questions or concerns you can reach us at support@botdoc.io

Thanks,

Botdoc Team


GDPR UPDATE

The General Data Protection Regulation

The EU’s new data privacy law, the General Data Protection Regulation, goes into effect on May 25, 2018 and applies not only to EU-based organizations, but also to anyone who has customers or contacts in the EU.

We are actively preparing our business and compliance processes for the GDPR to take effect, and this guide is intended to help our customers do the same. Please note that this guide is for informational purposes only and should not be relied upon as legal advice. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organization.

What and Who

The GDPR is a European Union (EU) privacy law that will affect businesses around the world when it becomes enforceable on May 25, 2018. It regulates how any organization that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR.

The GDPR will replace an older directive on data privacy, Directive 95/46/EC, and it introduces a few important changes that may affect Botdoc users.

A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU. The GDPR is an attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and eliminate personal data. It will have a significant impact on businesses around the world.

Who does it affect?

The scope of the GDPR is very broad. The GDPR will affect (1) all organizations established in the EU, and (2) all organizations involved in processing personal data of EU citizens. The latter is the GDPR’s introduction of the principle of “extraterritoriality”; meaning, the GDPR will apply to any organization processing personal data of EU citizens—regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organization anywhere in the world, and all organizations should perform an analysis to determine whether or not they are processing the personal data of EU citizens. The GDPR also applies across all industries and sectors.

There are a few definitions that will aid the understanding of the GDPR’s broad scope.

What is considered “personal data”?

Per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Consider the extremely broad reach of that definition. Personal data will now include not only data that is commonly considered to be personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, biometric data, financial information, and much more.

Sensitive personal data, such as health information or information that reveals a person’s racial or ethnic origin, will require even greater protection. You should not store data of this nature within your Botdoc account.

What does it mean to “process” data?

Per the GDPR, processing is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” Basically, if you are collecting, managing, using or storing any personal data of EU citizens, you are processing EU personal data within the meaning prescribed by the GDPR. This means, for example, that if any of your Botdoc accounts contain the email address, name, or other personal data of any EU citizen, then you are processing EU personal data under the GDPR.

Do you need to comply with the GDPR?

You should consult with legal and other professional counsel regarding the full scope of your compliance obligations. Generally speaking, however, if you are an organization that is organized in the EU or one that is processing the personal data of EU citizens, the GDPR will apply to you. Even if all that you are doing is collecting or storing email addresses, if those email addresses belong to EU citizens, the GDPR likely applies to you.

Data Controllers and Data Processors

GDPR carries over the concepts of data controllers and data processors from the Directive. Similar to the Directive, data controllers and data processors have different obligations under GDPR. Therefore, it’s important to understand whether you’re acting as a data controller or a data processor in relation to the various categories of personal data you process.

WHO IS A DATA CONTROLLER?

GDPR defines a data controller as “the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” In other words, if your organization processes personal data for your own organization’s purposes and needs—not merely as a service provider acting on behalf of another organization—then you are likely to be a data controller.

When Botdoc processes your Customer Account Data, meaning you have created an account, the Botdoc entity with whom you are contracting is acting as a controller.

WHO IS A DATA PROCESSOR?

Businesses or organizations that process personal data solely on behalf of, and as directed by, data controllers are data processors. In other words, when a data controller outsources a data processing function to another entity, that other entity is generally a data processor.

When our customers use our Services, we process and store certain information on their behalf as a data processor. For example, when a customer (or the customer’s Authorized Users) uploads or downloads files or other documents for review we act primarily as a data processor and process information on the customer’s behalf and in accordance with their instructions. In those instances, the customer as the data controller is responsible for most aspects of the processing of the information.

Will Botdoc comply with the GDPR?

Botdoc is excited about the GDPR and the strong data privacy and security principles that it emphasizes, many of which Botdoc instituted long before the GDPR was enacted. At Botdoc, we believe that the GDPR is an important milestone in the data privacy landscape, and we are committed to achieving compliance with the GDPR on or before May 25, 2018.

Botdoc’s GDPR preparation started more than a year ago, and as part of this process we are reviewing (and updating where necessary) all of our internal processes, procedures, data systems, and documentation to ensure that we are ready when the GDPR goes into effect. While much of our preparation is happening behind the scenes, we are also working on a number of initiatives that will be visible to our users. We are, among other things:

  • Updating our Data Processing Addendum to meet the requirements of the GDPR in order to permit you to continue to lawfully transfer EU personal data to Botdoc and permit Botdoc to continue to lawfully receive and process that data;
  • Updating our third-party vendor contracts to meet the requirements of the GDPR in order to permit us to continue to lawfully transfer EU personal data to those third parties and permit those third parties to continue to lawfully receive and process that data;
  • Analyzing all of our current features to determine whether any improvements or additions can be made to make them more efficient for those users subject to the GDPR;
  • Evaluating potential new GDPR-friendly features to add to our application.

Botdoc has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes, and lawfully transfers EU/EEA personal data to the U.S. pursuant to our Privacy Shield Certification. We also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.

DATA SUBJECTS’ RIGHTS

In addition, we will be prepared to address any requests made by our customers related to their expanded individual rights under the GDPR:

Right of Access: As noted above under the principle of “lawfulness, fairness, and transparency,” data processing must be transparent. Hand in hand with that, data subjects have a “right of access” to obtain from a controller a copy of their personal data being processed, as well as information about that processing, such as how and why their personal data is processed, how long it will be processed, and whom it has been shared with (see Article 15).

Right to Rectification: Data subjects have a right to ask a controller to rectify inaccurate personal data about them being processed by an organization. And, in appropriate circumstances, data subjects have a right to complete any incomplete personal data about them (see Article 16).

Right to Be Forgotten: The right to be forgotten, though implied under the Directive, is now clearly codified in GDPR in Article 17. Data subjects generally have a right to request that a controller erase their personal data.

Right to Restriction of Processing: Similar to the right to be forgotten, data subjects have a right to request that a controller restrict processing of their personal data (see Article 18).

Right to Data Portability: GDPR introduces a new data subject right: the right to data portability. This right requires controllers to make it easy for data subjects to take their personal data with them to another organization. In other words, they should be able to take their personal data out of one business’s system and move it to another business’s system (see Article 20).

Right to Object: Controllers whose lawful grounds for processing personal data are legitimate business purposes (see the first principles of data protection, above) must allow data subjects a right to object to the processing of their data. The data subject’s wishes must be respected, unless the business has a more compelling interest in processing the personal data than the data subject’s interests in not having their data processed (see Article 21).

A common scenario where this comes up is in the context of marketing communications. When a data subject objects to their personal data being used for direct marketing purposes, their wishes must be respected. A data subject’s interest in not being marketed to is more compelling than your interest in marketing to him or her. Further, no later than the very first marketing communication with a data subject, they must be made aware of their right to object to further use of their personal data for these purposes.

Right to Object to Automated Decision making: When it comes to decisions that could have a legal, or otherwise significant impact, GDPR gives data subjects the right to insist that a human be involved in that decision-making process. In particular, GDPR says data subjects have the right “not be subject to a decision based solely on an automated process, including profiling” (see Article 22). The data subject’s wishes must be respected, unless the business has a more compelling interest in processing the personal data than the data subject’s interests in not having their data processed (see Article 21).

It is worth noting that nearly all of the above data subject rights are not absolute. For example, there may be situations where your business may have a greater interest in not erasing certain personal data than a data subject has in asking you to erase it. Therefore, if any of the rights described above cause you concern, it is worth further investigation into the nuances of the law relating to that right to make sure you fully understand your obligations.

About Consent

You need to have a legal basis, like consent, to process an EU citizen’s personal data. Under the GDPR, you may use another legal basis for processing personal data, but we anticipate that many Botdoc users will rely on consent. This consent must be specific and verifiable.

Verifiable consent requires a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.

About Individual Rights

The GDPR also outlines the rights of individuals around their personal data. EU citizens will have the right to ask for details about the way you use their personal data and can ask you to do certain things with that data. You should be prepared to support people’s requests in a timely manner. People have the right to request their personal data be corrected, provided to them, prohibited for certain uses, or removed completely.

You should also be able to tell someone, among other things, how their personal data is being used. If they ask, you’re obligated to share the personal data you hold on an individual or offer a way for them to access it.

Conclusion

GDPR represents a significant update to the provisions of the Data Protection Directive in an effort to provide appropriate protections for data subjects with respect to how organizations process, transfer, store, and protect the enormous amount of personal data being processed in this new digital world. Therefore, it is important that when your organization selects a product or software, your selection entails consideration of these new compliance obligations.

While there is still some ambiguity as to how these provisions will be enforced and interpreted once this measure takes full effect in May 2018, data privacy considerations and conversations around processing of personal data should not be delayed.

We hope this information provides you with insights for taking a proactive approach to data protection.


12/2/2017 BotDoc Planned Maintenance Outage/Updates

On Saturday, Dec 2 at 1am MST there will be scheduled down time to perform major upgrades to BotDoc. We anticipate this planned outage will take between 1 and 2 hours to perform.

We’re adding some BIG features to BotDoc’s platform, which include:

  • Corp Team upgrades
  • Session Time-Out options
  • New registration page with email verification
  • Terms of Service updates

Affected Product/Service: BotDoc Interface

Expected Behavior:

BotDoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:

BotDoc has received great feedback from its USERS; therefore, our team is expanding NEW features to our clients. These new updates and features expand capabilities, providing more advancements to our users surrounding the secure movement of data between two points.

We appreciate your patience and understanding.  If you have any questions or concerns you can reach us at support@short-save.com.

Thanks,

BotDoc Team


8/27/2017 BotDoc Planned Maintenance Outage/Updates

On Sunday, August 27th at 1am MST there will be scheduled down time to perform major upgrades to BotDoc. We anticipate this planned outage will take between 1 and 2 hours to perform.

We’re adding some BIG features to BotDoc’s platform, which include:

  • Requesting and Sending to multiple clients
  • My Contacts page – which allows you to select mobile and email addresses from a drop-down menu (like Outlook and Gmail)
  • Return receipts timeline for Sending which allows you to see when your client clicks the link you sent and see when your client initiates download of the document(s).

Affected Product/Service: BotDoc Interface

Expected Behavior:
BotDoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:
BotDoc has received great feedback from its USERS; therefore, our team is expanding NEW features to our clients. These new updates and features expand capabilities, providing more advancements to our users surrounding the secure movement of data between two points.

We appreciate your patience and understanding. If you have any questions or concerns you can reach us at support@short-save.com.


BotDoc Planned Maintenance Outage – June 16, 2017

On Friday, June 16th at 1am MST we’re performing major infrastructure upgrades to BotDoc. We anticipate this planned outage will take between 2 and 4 hours to perform.

We’re moving BotDoc’s brain power to a much bigger, much faster server environment. Our recent growth has afforded us the opportunity to add extra capacity much sooner than anticipated.


Affected Product/Service: BotDoc Interface

Expected Behavior:

BotDoc’s interface will be inaccessible during this scheduled maintenance. Users’ Requests and Sends (inbound and outbound data/communications) will NOT be processed during this period.

Why we’re doing this:

BotDoc’s engineering is augmenting our network infrastructure to support the ongoing demand of our service. Our intent is to expand our capabilities to our clients with faster and more rigid security. This new infrastructure creates an environment to rapidly roll out expanded capabilities providing more advancements to our users surrounding the secure movement of data between two points.

We appreciate your patience and understanding. If you have any questions or concerns you can reach us at support@short-save.com.

