Aimee Blue Data Security

This Security Policy governs the processing of data provided by a Subscriber in connection with their user license agreement (“Agreement”) or through the use of the Aimee Blue Services. By using the Aimee Blue solution, our services, or our website, or by signing an Agreement with Aimee Blue, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our services.

Aimee Blue Data on Local and Cloud Servers

Each Aimee Blue service processes data both locally on the Aimee Blue concierge and on Aimee Blue servers, hosted by the Google Cloud platform.

The Google Cloud platform is a leading provider cloud services, providing database storage, speech to text processing, content delivery and a range of other functions. It is one of the largest and most successful cloud platform providers in the world.

Aimee Blue makes continuous backups of your systems configuration, so your Aimee Blue data will be up to date. We keep your Aimee Blue data safe by adhering to industry best practices.

Google Cloud has an extensive and constant Cyber Security presence (its reputation depends on it) and Aimee Blue conducts third party security assessments. We continually monitor our Google Cloud environment, implementing updates and patches in line with best practices prescribed by Google Cloud and industry expects.

You can find out more about Google Cloud security at cloud.google.com/security/

Cloud Infrastructure

You can learn about the terms of agreement between Aimee Blue and Google Cloud here: cloud.google.com/terms/

Google has achieved a substantial amount of certification and compliance in industry standards, which recognise best practices in Information Security.

For a full listing of Google Cloud certification and compliance, visit cloud.google.com/security/compliance/

Security Controls

Aimee Blue utilises multiple layers of security controls (software, physical and process based) to protect our client data. Industry best practices are implemented, maintained and consistently reviewed to ensure we’re maximising protection for our clients. Aimee Blue understands security and privacy is of utmost importance to everyone.

Data Encryption

Each Aimee Blue application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.

Once client data reaches Aimee Blue cloud infrastructure, all information is then encrypted at rest, using AES-256, military grade encryption.

Service Availability

Aimee Blue has been designed to be a highly available solution. Aimee Blue services are split over multiple Google Cloud datacentres. In the event of one data centre going offline in a disaster scenario, the second data centre continues to serve data with minimal, if any, service interruption.

Aimee Blue’s service is designed to scale up as more clients use it at peak times, and then scale down at low times. This scaling allows Aimee Blue to mitigate external attacks trying to flood our system resources.

Data Ownership & Processing

The data contained in Aimee Blue, remains the property of the licensed subscriber, excluding personally identifiable data which always remains the property of individual. If the subscriber ends their agreement with Aimee Blue, Aimee Blue will retain the data for a maximum of 30 days, before having it destroyed.

Visitor and Staff data remains the property of the individual and is used solely for the purpose of the visitor interaction with the specific Aimee Blue service used at the point of interaction. This information is not shared with other Aimee Blue instances. Aimee Blue will never under any circumstances share, or sell visitor/staff data or pass it on to marketing agencies. A visitor may choose to have their interaction with Aimee Blue deleted at any time by contacting secure@aimeeblue.com

For a full list of how your data is handled, please see the Aimee Blue privacy policy here aimeeblue.com/privacy

Backup Policy

Aimee Blue servers are backed up multiple times daily, weekly and monthly.

System Monitoring

Aimee Blue is monitored 24hours a day, 7 days a week, 365 days a year.

Found a Vulnerability?

At Aimee Blue, we strive to have the most secure solution we can. If you believe you’ve found a security vulnerability in our platform, please let us know on secure@aimeeblue.com.

Report a Data Breach

If you believe Aimee Blue information has become publicly available, please contact us immediately on secure@aimeeblue.com for validation.

Aimee Blue has a duty of care of our client’s data. If a data breach occurs, we must notify affected clients immediately.

Questions?

This statement reflects the security policy of Aimee Blue and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within Aimee Blue. Any questions should be directed to secure@aimeeblue.com.