Security Statement

Our Plain English Guide to Your Security

Let’s be honest. When the CIA’s website is able to be hacked by Anonymous, we should all accept that anything that is connected to the Internet (and that means just about everything) is able to be hacked. Having said that, the ContractProbe service has been designed with security front of mind. We set out below the key security risks associated with each stage of your use of our services, and the measures we’ve taken to mitigate those risks.

When you send documents to us

When you upload your documents, they are encrypted in transit using a 2048-bit, highest assurance SSL Certificate. That is the highest generally available form of web encryption.

The payment service provider we use to process your payment information has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

While we hold your documents

The best way to preserve your security is for us to hold your information for as short a time as possible. To that end, we guarantee that one of the first things we do when we receive your documents is to delete, permanently, any deal specific information from them. Things like dollar amounts, party names, addresses, all the sorts of things that you are, rightly, concerned about are deleted in a matter of moments after you send us your documents. WE DO NOT KEEP IN ANY MEDIUM A COPY OF THE INFORMATION YOU SEND US. By the time we send you your report, our copy of your document has been deleted. (That does mean, of course, that if you lose your copy of the document we cannot help you retrieve it. But we think that is better for you than us continuing to hold a copy of your documents.)

In addition to the above, the cloud service provider we use complies with the strictest security controls, including ISO 27001, 27017 and 27018. We also apply promptly all security patches and updates from our operating system providers.

When we send our reports to you

While you are viewing your report online you will still be in a secure SSL session and so the report is still protected by that certification, as outlined above. When you close your session the report will be deleted automatically - you will be prompted before closing the session so that you don't lose the report prematurely. We also reserve the right to delete automatically reports that have been displayed in an open session for an unusually long time.

Anything sent by email on the Internet is inherently insecure. Since our reports may refer to sensitive information in the course of identifying problems in your contracts, we suggest you don’t ask to receive your reports by email if you are worried about something damaging being revealed.

A final word

The best way to keep a secret is not to tell it to anyone. So, if you are really worried about security, we suggest you take a few moments to use your searches and replace function of the deal details in your documents so those details never leave your premises in any form. If you do that then you only need to be worried about security on your side of the fence. And we’re afraid we can’t help you with that!

Date: 21 November 2016