Data Security Policy

Umso Software Inc.
(“umso”, “We”, “Us”, and “Our”)

Umso takes data security and privacy seriously. We use and maintain technical and organizational security measures to protect the data of Our company and Our Subscribers. Below is an overview of the main measures We have implemented to secure Our platform and keep the data We receive secure. 


Security Approach

We maintain or work with sub-processors who maintain conformance with industry standards of data security and have a formal, comprehensive, data security program that includes reasonable security procedures and practices that are appropriate to the nature of the data We receive which is reasonably designed to (a) ensure the security, confidentiality, and integrity of data; (b) protects against threats or hazards to the security, confidentiality, or integrity of data; (c) prevents unauthorized access to, and destruction, use, modification, and disclosure of data, and (d) provides for prompt notice to Subscribers of any unauthorized access to any data.


Compliance and Certifications

Umso’s credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as PCI DSS Level 1 compliant.


Physical access

Umso’s services are hosted on Amazon Web Services Inc. (“AWS”). More information on the security of our cloud-based service providers can be found at the AWS security page.


Continuity, Incident Response, and Disaster Recovery Plans

Umso’s sub-processors use data centers and cloud service providers in separate geographic locations and different time zones to allow infrastructure and service availability, as well as continuity.

Umso has developed and maintains a business continuity, incident response, and disaster recovery plan.


Access to Our Systems

Umso maintains an access control policy covering Our internal network and systems processing of personal data. This facilitates control processes, including access logging, monitoring and limitation.


Protection from others posing as Subscribers

We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity. Certain changes to an account, such as to a password, may trigger email notifications to the registered account owner.

We also provide the ability to establish tiered-levels of access within accounts.


Security for storing and transmitting personal data

All new sites created using our services have HTTPS automatically enabled as part of the basic services We provide. 

All critical interfaces and functions (i.e. user authentication, payment transactions (PCI data) and personally identifiable information related processes are only accessible using at least Transport Layer Security v1.2.

We have a multiple layer security architecture to help protect against zero-day security issues.

Firewalls and intrusion prevention systems are in place to prevent unauthorized access.

Umso or its sub-processors facilitate a 24/7/365 threat detection program focused on information gathered from various sources (internal network traffic, employee actions on systems and on-going research about vulnerabilities). Analysis is performed using different tools for traffic capture and parsing. 


Risk Assessment and Monitoring

The account passwords of Subscribers are hashed with industry standard technology.

Our Subscribers have the ability to customize many of their website permissions, depending on specific service and features used.

All of Our cloud and public interfaces are automatically scanned for vulnerabilities and misconfigurations on a regular basis.  We regularly monitor, detect, and block incoming attacks on our platform.


Last updated Oct. 1 2021
Made with
Our website uses cookies

Cookie Settings

We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

These cookies help us to better deliver marketing content and customized ads.