Privacy Policy


Last Revised: 08/21/2015

I. Introduction

Secure Digital Solutions, LLC (“SDS”, “we” or “us”) owns and operates the TrustMAPP Security Program Management service and the related website located at https://www.trustmapp.com or https://www.trustmapp.com (the “site”) (the TrustMAPP Security Program Management service, the site and other products and services provided by Secure Digital Solutions collectively the “Service”). We want you, the user of the Service (“you” or “your”), to understand how we collect, use and share data about you. This Privacy Policy identifies what information we collect, and for what purposes it is used.

In this Privacy Policy, the term “personal data” means information that relates to an identified or identifiable natural person.

This policy describes:

  • How and why we collect your personal data;
  • How we use and safeguard your personal data;
  • When and with whom we share your personal data; and
  • The choices you can make about how we collect, use, and share your personal data.

By using or accessing the Service, you accept the privacy practices described in this Privacy Policy and give consent to the processing, use and disclosure of your personal data in accordance with this Privacy Policy. Please do not use or access the Service if you do not agree to this Privacy Policy.

We wish to remind you that content you post to the Service, including responses to survey questions, are not anonymous and may be viewable by members of your organization. Please exercise appropriate discretion as needed.

II. Policy Scope

This Privacy Policy applies to personal data processed by us in connection with the Service.

III. Information We Collect

We may collect personal data for the purposes set forth in Section IV. below, including for example to deliver the Service to you and to help improve your experience on the Service. We strive to limit the amount of personal data collected to support the intended purpose of the collection. The following are some examples of the ways with which we may collect information from you:

(i) Information You Provide to Us Directly:

When you use the Service, we may collect information that you provide to us directly. For example, we collect information in the following circumstances:

  1. Registration
    We may collect personal data from users who register to use the Service. During registration, a user may be required to submit his/her contact information (such as valid email address, name and phone number). We also create a username and password for your account in the Service.
  2. Surveys
    We may collect personal data when you respond to online surveys in the Service.
  3. Communications with Us
    We may collect personal data when you communicate with us, for example via the Service or by email. Moreover, a record of any correspondence may be kept.

(ii) Data Collected Automatically:

We may automatically collect the following information from users of the Service that in certain circumstances may constitute personal data:

  1. Cookies and Web Beacons
    We may use cookies to track site usage and trends, to improve the quality of the Service, and to customize your experience on the Service. We save a “cookie,” a small text file, on your computer. You can remove or block cookies using the settings in your browser, but in some cases doing so may impact your ability to use the Service.

    One type of cookie, called a “persistent” cookie, is created once you have logged in to your account in the Service. The Service uses persistent cookies to identify a returning visitor.

    Another type of cookie, called a “session” cookie, is used to identify a particular visit to the Service. Session cookies used by the Service expire after you close your browser.

    We may also use web “beacons” to allow us to know for example if you visited a certain page or opened an email from us.

  2. Log Files and Information about Your Device
    When you visit the Service, we collect information about your device, such as the IP (“internet protocol”) address connected to your computer (or the proxy server you use to access the World Wide Web), your computer operating system, the type of browser you are using, mobile device operating system (if you are accessing the Service using a mobile device), as well as the name of your ISP (“internet service provider”) or your mobile carrier. We use this information to analyze overall trends to help improve the Service. We do not share with third parties, the linkage between your IP address and your information on the Service, unless required by law to do so.
  3. Analytics Service Providers
    As an element of the Service we use third party data analytics service providers, which help us analyze and improve the Service. The data collected by data analytics service providers enables us to understand usage patterns of the Service. We may permit these service providers to use cookies and other technologies to perform their services for us. Usage information and personal data are stored by such service providers and are subject to their privacy policies. The current list of data analytics service providers we use in connection with the Service can be requested from us at any time by contacting us at [privacy|at|trustsds|dot|com]. In particular, Google Analytics is an element of the Service. Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the site, the Internet Protocol (IP) address, and the type of operating system used in the devices used to access the site.

IV. How We Use Your Information

We use the personal data to provide our consulting services, including the Service, and to support our core business functions. These include service fulfillment, internal business processes, authentication, and legal functions. Some examples include:

  • To register and service your account;
  • To help us improve and customize our service offerings;
  • To communicate with you;
  • To prevent and investigate fraud and other misuses;
  • For market research;
  • For electronic direct marketing, in accordance with applicable law;
  • To audit and analyze the Service; and
  • To protect the security or integrity of the Service and our business.

V. Ways We Share Your Information with Third Parties

We do not sell or rent personal data to third parties. We only disclose personal data under the following limited circumstances:

  1. Service Providers
    We may disclose or otherwise make available personal data to service providers that help with our business operations, such as third-party software support and development firms. Personal data may be stored and processed by our service providers in the United States or other locations where the service providers maintain facilities. We require our service providers to keep personal data confidential and secure. In addition, our service providers may not use or disclose personal data for any purpose other than providing the services on our behalf.
  2. Legal Requirements and Protection of Our Company and Others
    We may disclose personal data when required by subpoena or other legal process or request by public authorities, or if we have a good faith belief that disclosure is necessary to:

    • Investigate, prevent or take action regarding suspected or actual illegal activities or to assist government enforcement agencies or other public authorities;
    • Enforce this Privacy Policy, to investigate and defend ourselves against any third party claims or allegations, or to protect the security or integrity of the Service; and/or
    • Exercise or protect the rights, property or personal safety of Secure Digital Solutions, LLC, our users, employees, agents, or others.
  3. Business Transfers
    We may disclose personal data to other companies in our group, including our subsidiaries and affiliates, and as part of reorganization or a sale of the assets or stock of Secure Digital Solutions, LLC, or its subsidiaries or divisions or a corporate merger, consolidation, or restructuring. Moreover, we may disclose information in connection with bankruptcy proceedings, or other corporate reorganization. Any third party to which Secure Digital Solutions, LLC transfers or sells the Service or assets or stock related to it will have the right to continue to use the personal data that you provide to us.

    Moreover, we may disclose information to third parties in an aggregate format that does not constitute personal data and does not allow the identification of individual users.

VI. Your Rights and Choices

  1. Discretion for Information Disclosures regarding the Surveys in the Service
    The purpose of the Service is to encourage candid and sometimes sensitive survey responses regarding your organization’s information security controls and processes. We do not control or otherwise censor your responses to survey questions. Additionally, responses to survey questions are not anonymous and may be viewable by members of your organization. As such, we recommend that users exercise appropriate discretion as needed.
  2. Accessing and Updating Your Information
    We take reasonable steps to keep personal data held by us accurate and complete. You have the right to know what data we hold about you, and the right to have incomplete, incorrect, outdated, or unnecessary personal data corrected, deleted, or updated. You can access or update your user account in the following ways:

    • If you have an account on the Service, log into <https://<your-subdomain.trustmapp.com> your account. Once you do, you will be able to enter and update your own contact information under the user settings option.
    • Email TrustMAPP Support directly at [TrustMAPP|at|trustsds|dot|com].
    • Contact SDS Technical Support at 952-544-0234

    You may to access the data you enter into the Service as long as it resides on our servers. If your account has been deactivated, you may contact us (contact information below) to request a copy of your data, if such data is retained by us in accordance with the relevant agreement and/or applicable laws.

  3. Opting-Out of Email Communications
    You may not opt-out of Service-related email communications from us as these communications are necessary for the provision of the Service offering.

    However, you have the right to opt out of receiving electronic direct marketing from us. All electronic direct marketing communications that you may receive from us, such as marketing e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us at [privacy|at|trustsds|dot|com].

  4. Closing Your Account
    You may close your Service account by contacting [TrustMAPPSales|at|trustsds|dot|com]. If you close your Service account, we will terminate online access to your personal data, but we will retain this information for recordkeeping purposes and as required by law.

VII. Children and Minors

We do not knowingly collect personal information from children under the age of 13. Children may not use the Service, and we request that children under the age of 13 not submit any personal information to the Service, including on the site.

VIII. Information Security

Access to your data on the Service is password-protected and the site utilizes 256-bit SSL (“secure sockets layer”) encryption to reduce the risk that others are able to view information passing between our web servers and your browser. When you enter a secure portion of the site, an image of a closed lock or a solid key should appear in the bottom or URL address bar of your browser window as an indicator of SSL encryption.

We implement administrative, technical and physical safeguards to protect the content you post on the Service. However, since the Internet is not a completely secure environment, we cannot ensure or warrant the security of any information you transmit to us. There are no guarantees that information cannot or will not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, technical or physical controls. Moreover, it is your responsibility to protect the security of your login information (username and password).

IX. International Transfers of Personal Data

The Service is hosted on servers located in the United States. Moreover, personal data may be stored and processed by our service providers in the United States or other locations where the service providers maintain facilities. By using the Service you consent to that personal data about you may be processed outside your own country and you acknowledge that the laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. In particular, if you are located within the European Union, you consent to your personal data being transferred outside of the European Union.

X. Changes to this Privacy Policy

We may update this Privacy Policy at any time, with or without advance notice. In the event there are significant changes in the way we handle your personal data, or in the Privacy Policy document itself, we will display a conspicuous notice on the Service and/or send you a service email. By your continued use of the Service after we provide a notice of changes, you consent to our changed terms or practices.

XI. How to Contact Us

If you have questions or comments about this Privacy Policy, please email us at privacy|at|trustsds|dot|com.

Or, by post:

Secure Digital Solutions, LLC
Attn: Privacy Officer
1550 Utica Ave
Suite 420
Saint Louis Park, MN 55416