We understand that the security of your personal information is important. We provide reasonable administrative, technical, and physical security controls to protect your personal information. However, despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Site or Services.
Organizational Security
All employees are required to agree and adhere to an industry-standard confidentiality agreement prior to their first day of work.
Cloud Security
Cloud Infrastructure Security
We use Heroku, which runs on Amazon Web Services, to host all back-end servers and databases. For more information on Heroku’s security processes, please visit Heroku Security. For more information on AWS’s security processes, please visit AWS Security.
Encryption at Rest & in Transit
Tether keeps your data encrypted and secure. All databases are encrypted at rest, and Tether applications encrypt in transit with TLS/SSL only for all connections.
Business Continuity and Disaster Recovery
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
Incident Response
We have processes in place for handling information security events, including escalation procedures, rapid mitigation, and communication.
Access & Management Security
Permissions & Authentication
Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role. Where available, we implement 2-factor authentication (2FA), and strong password policies to ensure that access to cloud services is protected.
Least Privilege Access Control
We follow the principle of least privilege with respect to identity and access management.
Quarterly Access Reviews
Quarterly access reviews are performed on all employees with access to sensitive systems.
Password Requirements
Our entire team is required to adhere to a minimum set of password requirements and complexity for access.
Local Equipment Security
All company-issued laptops are encrypted and utilize a password manager for team members to manage passwords and maintain password complexity.
What Data is Collected and Stored?
Tether collects the minimum amount of information necessary to provide a streamlined and personalized experience. Additionally Users can request information deletion at any time in compliance with CCPA and GDPR regulations.
Within the Tether database, the following data is collected for Users:
- First Name
- Last Name
- Email Address (for login and notifications)
- Phone Number (for login and notifications)
- Birth Year (for compliance with COPPA)
- Gender (for personalization - an “Undisclosed” option is offered)
- Time Zone (for localization)
- Last Active Timestamp (for personalization)
- Any content uploaded by that User (images, posts, comments, and other text content)
Within the Tether database, the following data is collected for Organizations:
- Name
- Description
- Street
- Address
- City
- State
- Postal Code
- Country
- Time Zone (for localization)
- Website Address
- Any content uploaded by that Organization (images, audio files, videos, and text content)
System logs may retain traces of User and Organization activity for up to thirty days in order to support security and maintenance efforts, after which point they are deleted.