Site Systems Security Practices
Last Updated: February 18, 2024
Site Systems' comprehensive security measures include physical and
online security techniques to monitor and block irregular activity
(e.g., hackers, automated entries, and viruses) from disrupting your
sweepstakes, contests, and games. Our advanced security techniques help
ensure that your promotion will run smoothly, uninterrupted and
error-free. Our protection measures include:
Protection for You and Your Promotions
- 100% Legal Guarantee. We stand behind our work. We
are so confident that Site Systems will indemnify and defend you
in court for the promotional services we provide to you. We also
guarantee that your promotion will comply with all applicable prize
promotion laws.
- In over 30 years, we have had zero legal challenges
to promotions run by Site Systems.
- We are hands-on experts at creating, running, and
managing sweepstakes, contests and promotions.
- We have run thousands of successful promotions
since we were founded over 30 years ago.
- Site Systems provides access to licensed attorneys
in over 95 countries to ensure your promotions are legal in every
country you run them.
- We are promotions experts. We understand the complex state, federal
and international laws that govern sweepstakes and
we know what it takes to make your promotion a success.
Data Center Security
- The data collected for your promotions via our Promotions Platform
are stored on secure servers hosted on the Amazon AWS cloud
platform, located in Virginia, USA. The AWS cloud security
infrastructure has been architected to be one of the most flexible
and secure cloud computing environments available today. It provides
an extremely scalable, highly reliable platform that enables
Site Systems to deploy high volume promotions quickly and
securely. For more information on AWS security please visit
http://aws.amazon.com/security/.
- Site Systems uses data centers that are PCI-compliant and meet or
exceed ISO 9000 standards.
- These data centers feature biometric access systems, data center
cages, security cameras, entry/exit audit trails, and are managed
24/7/365 with onsite security staff.
- Our Promotions Platform servers and websites have comprehensive DDoS
protection.
- System access is restricted to authorized employees using encrypted
access, VPNs, multifactor security, and firewall rules.
Data Privacy Measures
- Data is encrypted in transit, using TLS 1.2, and at rest.
- We do not sell your data or the data you collect with our Promotions
Platform.
- Login pages transmit login data via SSL.
- SSL encryption is available on each campaign created with and hosted
by Site Systems.
- Site Systems is GDPR compliant, and we work with sub-processors,
contractors and partners who are GDPR compliant, too.
- You can learn more about privacy by reviewing our Privacy Policy.
Data Loss and Corruption Prevention
- To keep your data safe, each client's data is stored in separate,
secure databases. Your data is never mixed with other clients' data.
- Site Systems' technology infrastructure provides enterprise
scalability, maximum security, and redundancy with firewalls, load
balanced servers, encrypted database servers, IDS/IPS tools, virus
protection, and daily backups.
- Our promotion systems are monitored 24 hours a day 7 days a week for
suspicious activity, errors, issues, potential issues, and
performance.
- Physical access controls are in place to protect hard-copy data and
computer equipment. Operational security procedures are devised to
minimize the number of storage locations in which personal data is
held.
- Security policies and mechanisms are in place to limit access and
protect data (such as unique accounts, disabled guest accounts,
access policies, strong password requirements, antivirus, regular
system and security patch updates, firewalls, VPNs, etc.). In
addition, personal data stored electronically is stored in an
encrypted format.
- Unique user accounts (with strong password requirements) are
assigned to each user. Access to personal data is limited only to
user accounts approved to access such data.
- A clean desk policy is always maintained by Site Systems'
personnel. All forms of physical personal data such as promotion
entry forms, tax documents, and entry validations are not left out
on desks or in open areas when not needed. All confidential
materials and data are stored in secure locked areas with limited
access.
Proper Data Destruction
- Data security policies and procedures are in place to address
handling of digital data, paper copies, promotion entries, winner
list, emails, validation letters, winner information, incoming and
outgoing mail, long-term paper storage, and data retention. The
amount of confidential information in all entry forms, mail-ins,
online sign-ups, and other pertinent correspondence are kept to a
minimum and are securely destroyed when no longer needed.
- All paper documents with confidential or personal data are shredded
in "crosscut" type shredders.
- When IT equipment is disposed of, digital storage media is either
securely wiped (by overwriting data) or destroyed (rendering any
data on the media unrecoverable) prior to disposal.
Data Breach Protocols
- Site Systems ensures the security of client data and confidential
information. Our information security incident response process detects,
responds to, and reports incidents quickly and effectively. Our systems
help ensure that we minimize losses, address weaknesses, swiftly restore
system functionality, and maintain business continuity.
- Comprehensive chain of custody procedures are followed to protect
evidence gained during any security incident.
Employee Education & Internal Protocols
- Employees that have access to customer data undergo criminal history
background checks prior to employment.
- All employees are required to sign non-disclosure and
confidentiality agreements.
- We provide information and training to our employees regarding
privacy and security best practices.
- In the event of an employee termination or an employee choosing to
leave our company, we have processes in place to ensure access to
our platform and our customers' data are secure.
- To protect our company from a variety of different losses,
Site Systems has established a comprehensive insurance program.
Coverage includes: coverage for cyber incidents, data privacy
incidents (including regulatory expenses), general error and
omission liability coverage, workers' compensation, and commercial
general liability coverage.
Promotion Specific Protections
- Independent Arbitration & Dispute Resolution.
Site Systems will act as the third-party independent judging
organization for your promotion. We will interpret rules and make
fair and impartial decisions if issues arise, and we will arbitrate
any consumer complaints or inquiries. This will protect you. By
designating Site Systems as the third-party independent judge in
the Official Rules of the promotion you (and more importantly your
entrants) agree that if an issue or complaint arises,
Site Systems will decide how best to proceed. Courts have upheld
that decisions by third-party independent judges are binding and
this limits your entrants' ability to win any lawsuit if a problem
occurs.
- Data Security and Document Retention. In the U.S.,
each state has different data security and document retention laws
that must be followed when you run a promotion. In addition,
documented procedures need to be followed to adhere to the law and
limit liability. Site Systems will securely manage all the data
we receive and maintain the appropriate documents, so you don't have
to worry.
- Quality Assurance Testing. Our Quality Assurance
Engineers perform rigorous testing of your promotion for
functionality, browser support, stability, security and load.
- Entry Restrictions. Consumers can be limited to
entering the promotion based on any criteria such as email address,
household, frequency (e.g., once per day), geography (e.g.,
excluding Florida), age (must be over 18), or any other criteria
desired.
- COPPA & CARU Compliance.
Site Systems provides automated child privacy protection systems
that can block child registrations or require parental permission
before children can participate in the promotion.
- Data Collection and Tracking. All visitor tracking
and submission data is collected centrally in a secure, redundant,
encrypted database.
- Duplicate Validation. Players can be restricted
from entering a promotion multiple times based on any criteria such
as name, phone number, email address, household, frequency (e.g.,
once per day), geography (e.g., excluding Florida), age (must be
over 18) or any other criteria desired. Site Systems' advanced
duplication algorithms make it difficult to thwart duplication
validation.
- Entry Validation. Sweepstakes
entries are validated to ensure that the information is accurate and
complete and that all entrants meet the requirements of the Official
Rules (e.g. entry frequency, geography, age, etc.)
- Winner Validation. Promotion winners are validated
to ensure that their information is accurate and complete and that
they all meet the requirements of the Official Rules (e.g.
entry frequency, geography, age, etc.)
- Bot Protection. This feature secures your promotion
entry forms with CAPTCHA challenges and other security techniques to
block spammers, automated programs, and bots from interfering in
promotions.
- Audit Logs. Site Systems maintains complete
activity logs and audit trails of all entries, validation errors,
winners, and suspicious activities.
- IP Address Blocking. Hackers are blacklisted and
blocked from disrupting promotions by their IP address.
- High Volumes. Our load balanced cloud-based servers
support extremely large volumes of traffic.
- Fault Tolerance. Our cloud-based systems provide
redundancy for hardware, software, power, and bandwidth.
Site Systems takes data security and privacy very seriously. While we
can't reveal everything about our security practices (as it can empower
the very people we are protecting against), we hope that the information
provided in this document gives you confidence in the security of our
promotions and the data that you entrust to us.