
Privacy and Security Policy

This privacy policy describes how Sure Market LLC (“Sure Market”), the operator of the www.surefront.com website, handles information collected from users (each, a “User”) of the www.surefront.com website (“Site”). This privacy policy applies to the Site and all products and services offered by Sure Market (“Services”). By using our Services, you consent to our use of your personal and non-personal data under this Privacy Policy.

1. Services

We may collect personally identifiable information from Users in a variety of ways, including, but not limited to, when Users visit our Site, register on the Site, subscribe to any newsletters we may provide, use the Services, and in connection with other activities, services, features or resources we make available on our Site. For example, we may collect information such as the User’s location or behavior. Users may also be asked for, as appropriate, name, company name, user ID, contact information (including email address, phone number, physical postal address), photograph, and billing and payment information (including billing address, telephone number, credit card information, and bank account information). We may collect information you submit for a profile. We may further collect correspondence sent to or from us; any additional information you choose to provide (such as by syncing your address book or calendar); and other information from your interaction with our Site, other Services, and content, including computer and connection information, statistics on page views, traffic to and from the Site, ad data, IP address, browser name, location data, the type of computer and technical information about Users’ means of connection to our Site, such as the operating system and the Internet service providers or mobile carriers utilized and other similar information, and standard web log information. Our Services allow you to communicate with other users within your place of employment and with users at other places of employment, such as those you conduct business with. We scan messages to provide “bots” or similar tools that facilitate tasks such as tracking negotiations with other users, tracking orders placed with or received from other users, scheduling events, drafting communications, summarizing communications, or suggesting possible future activities or next steps.
We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you receive a communication from another User, we may track whether you have acted on the communication and may send you reminders or alerts. If you choose to provide us with personal information, you consent to the transfer and storage of that information on our servers located inside and outside the United States. Your employer (or other person or entity procuring our Services for your use) may provide us information about their employees or contractors who make use of these Services. For example, we may get contact information for account administrators and for authorizing users of our Services.

2. Profile

You have choices about the information on your profile, such as your legal name, job function, photograph, city or area. It’s your choice whether to include sensitive information on your profile. Please do not post or add personal data to your profile that you would not want to be publicly available.

3. Web browser cookies

Our Site may use cookies, web beacons, unique identifiers, and other tracking mechanisms to track information about your use of our Site and other Services, including information about the pages you view, the links you click, and other actions you take on our Site, and to recognize you and/or your device(s) on, off and across different Services and devices. We may combine this information with other personal information we collect from you. Users’ web browsers place cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Some cookies allow us to make it easier for you to navigate our Site and other Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and other Services. Users may choose to set their web browsers to refuse cookies, or to provide alerts when cookies are being sent. If they do so, note that some parts of the Site may not function properly. Many browsers provide a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites visited by the user about the user’s browser DNT preference setting. We do not currently commit to responding to browsers’ DNT signals with respect to our websites.

4. How we use collected information

Sure Market may collect and use Users’ personal information for the following purposes:

To provide our Services to you:
We use Users’ information to provide our Services and to facilitate updates and support for our Services.

To authenticate you:
We use your data to authenticate you and authorize access to our Services.

To facilitate communications between you and other Users of our Services:
Our Services allow you to communicate with co-workers, partners, customers, vendors, and other business contacts. To do so, you will “connect” with other Users that you or your employer choose, and with those who wish to “connect” with you. When you connect, you will be able to view each other’s profiles. Your profile is fully visible to all Users of our Services.

To improve customer service:
Information you provide helps us respond to customer service requests and support needs more efficiently.

To personalize user experience:
We may use information you provide to personalize your experience in using our Services.

To improve our Services:
We may use feedback you provide to improve our Services. We use the collected information (which can include your communications) needed to investigate, respond to and resolve complaints and Services issues (e.g., bugs). We may use information in the aggregate to understand how our Users as a group use the Services and resources provided on our Site.

To send periodic emails or other communications:
We will contact you through email, notices posted on our Site or other Services, messages to inboxes provided by the Site or other Services, and other ways, including text messages and push notifications. We will send you messages about the availability of our Site or other Services, security, or other service-related issues. We also send messages about how to use the Site or other Services, network updates, reminders, and promotional messages from us.

Security and Investigations:
We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our Terms of Use, this Privacy Policy, and/or attempts to harm other Users.

To comply with the law and for Security and Investigations:
We may use information to help us respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may share personally identifiable information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud or other violations of our terms of use, this Privacy Policy, and situations involving potential threats to the physical safety of any person, or as required by law.

5. Security

We endeavor to keep your data secure. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

6. Sharing of information

Any information you include on your profile and any Content you post will be seen by others. Your employer can see how you use the Services Site they provided for your work (e.g., as a purchasing or sales agent) and related information. We may disclose the information we collect from Users to third-party vendors, service providers, contractors or agents who perform functions on our behalf. We may also share information in the following circumstances:

A. Business Transfers
We can also share your personal data as part of a merger with another company, as part of a sale, as part of a change in control, as part of a bankruptcy proceeding, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data in accordance with this Privacy Policy, unless you agree otherwise.

B. Legal Disclosures
We may need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you; (3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of our Services; or (5) exercise or protect the rights and safety of Sure Market and its personnel, Users, or others.

C. Aggregate and De-Identified Information
We may share aggregate or de-identified information about Users with third-parties for marketing, advertising, research or similar purposes.

7. Third-Party Materials

The Services may enable access to third-party services, websites, and materials. The information practices or the content of such other websites is governed by the privacy statements of such other websites. We encourage you to review the privacy statements of such other websites to understand their information practices. You acknowledge and agree that neither Sure Market nor its agents are responsible for examining or evaluating the content, accuracy, completeness, timeliness, validity, privacy practices, copyright compliance, legality, decency, quality or any other aspect of such third-party materials or websites. Neither Sure Market nor its agents warrant or endorse, nor do they assume and or have any liability or responsibility to you or any other person for any third-party services, third-party materials or web sites. Third-party materials and links to other web sites, if any, are provided solely as a convenience to you.

8. Changes to this privacy policy

Sure Market has the discretion to update this Privacy Policy at any time. When we do, we may revise the date at the bottom of this page and we may send you an email. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications. If you object to any changes, you may close your account. Your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that you are consenting to the updated Privacy Policy.

9. Prohibition on use by Children

Sure Market’s Terms of Use require all account owners or account managers to be at least 18 years of age. Children under age 18 are not permitted to use the Services or establish an account.

10. Your acceptance of these terms

By using our Services, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Services.

 

Security Policy

1. Overview

Surefront provides Software as a Service (SaaS) solutions to leading retailers, brands, and manufacturers across the globe. Security is a central aspect of all three pillars of the Surefront Credo: Best People, Best Product, and Best Results. It represents a promise of trust between our team, our partners, and most importantly, our customers. This protocol details our practices for delivering on our promise to customers and upholding our credo through diligent information security management.

The objective of this security policy is to provide a framework for managing information security at Surefront in accordance with ISO/IEC 27001 standards. This policy aims to protect the confidentiality, integrity, and availability of information assets and ensure compliance with relevant legal, regulatory, and contractual requirements.

This policy applies to all employees, contractors, consultants, and any other entities who have access to Surefront’s information assets. It encompasses all systems, networks, applications, and data owned, managed, or processed by the company.

Surefront is committed to:

  • Protecting information assets from threats, whether internal or external, deliberate or accidental.
  • Ensuring the confidentiality, integrity, and availability of information.
  • Complying with all applicable legal, regulatory, and contractual requirements.
  • Continually improving the information security management system (ISMS).

2. Access Control

Policy: Access to information assets shall be restricted to authorized individuals only.

Controls:

  • Implement multi-factor authentication (MFA) for all systems.
  • Enforce least privilege and need-to-know principles.
    • All teams at Surefront are required to operate using the Principle of Least Privilege (POLP) with respect to vendor software systems and access to Surefront's application and engineering infrastructure. The Principle of Least Privilege is a security concept that limits any individual user's access to information, systems, resources, and data to strictly what is needed to successfully contribute in their given role/responsibility.
  • Department Heads, Directors, and Managers are responsible for reviewing their teams' information access privileges to ensure they remain in compliance with POLP at minimum:
    • Once every 90 days
    • Upon addition or separation of a team member
    • Upon change of role or responsibility of a team member.

3. Data Protection

3.1 Data Encryption

The Surefront web application and backend services use industry-accepted encryption products to protect customer data (1) during transmissions between a customer's network and the Surefront servers; and (2) when at rest. Surefront services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade our services to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need to maintain reasonable compatibility with older clients.

3.2 Data Backup and Recovery

Surefront customer data is stored redundantly in multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures which allow recovery from a major disaster. Customer data and our source code are automatically backed up every 24 hours. Alerts have been set up in the event of a failure in this system. Backups are tested at least every 90 days to confirm that our processes and tools work as expected.

4. Incident Response

4.1 Incident Detection and Reporting

Surefront, and authorized external entities like AWS, Sentry, and Datadog, monitor our services for unauthorized intrusions. Systems used in the provision of our services log information to their respective system log facilities or a centralized logging service (for network systems) in order to enable security reviews and analysis. Surefront maintains an extensive and centralized logging environment in the production environment which contains information pertaining to security, monitoring, availability, access and other metrics about our services.

 

4.2 Incident Response Plan

Surefront maintains incident management policies and procedures. These procedures include notification of impacted customers with undue delay of any unauthorized disclosure of their respective Customer Data by Surefront or its agents of which Surefront becomes aware to the extent permitted by law. With regard to uptime: since Surefront systems are hosted using AWS, system status typically correlates with the availability shown on the AWS System Status pages. Surefront typically notifies customers of significant system incidents by email, and for incidents lasting more than one hour, may invite impacted customers to join a conference call about the incident.

5. Compliance and Audit

5.1 Regulatory Compliance

To ensure the effectiveness of our security practices and compliance with government regulations within the markets Surefront operates, Surefront undergoes regular security assessments by internal personnel, external security partners, and continuous automated testing of our web services. The results of these assessments are reported to senior management who identify and implement corrective actions to address all weaknesses and compliance variances.

6. Security Awareness and Training

6.1 Employee Training

  • Provide mandatory security training for new hires.
  • Conduct annual refresher training for all employees.
  • Test employees' knowledge through simulated phishing attacks.

6.2 Third-Party Training

  • Provide security guidelines to third-party vendors.
  • Include security requirements in contracts.
  • Audit third-party compliance annually.

7. Physical Security

All of Surefront’s services are provided in the cloud via Amazon Web Services. All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network. Surefront does not operate our own routers, load balancers, DNS servers or physical servers. All of our services and data are hosted in AWS facilities and are secured as described by aws.amazon.com/compliance/shared-responsibility-model/

8. Network Security and Firewalls

In addition to sophisticated system monitoring and logging, Surefront maintains two-factor authentication for server access across our production environment. Firewalls are configured according to industry best practices, using AWS virtual private subnets and security groups.

9. Application Security and Vulnerability Management

To verify that our security practices are sound and to monitor our services for new vulnerabilities, Surefront services undergo a series of well architected assessments provided by AWS and overseen by our development and operations team. In addition to periodic and targeted audits of our services and features, we also employ the use of mandatory peer code reviews and continuous hybrid automated scanning of our web application and backend source code.

10. Business Continuity and Disaster Recovery

We understand that you rely on Surefront to work. We’re committed to making our services and platform highly available so that you can rely on us. Our infrastructure runs on systems that are fault-tolerant, for failures of individual services or entire servers. Our operations team tests disaster recovery measures regularly and has a dedicated team to quickly resolve unexpected incidents. Industry standard best practices for reliability and back-up helped shape the architecture of our platform. Surefront performs regular backups, facilitates rollbacks of software and system changes when necessary and replication of data as needed. Where possible, Surefront will assist the Customer with data recovery for Major Catastrophic Events, as limited by data residency requirements of the locality and capabilities within the region. “Major Catastrophic Event” means three broad types of occurrences: (1) natural events such as floods, hurricanes, tornadoes, earthquakes, and epidemic; (2) technological events such as failures of systems and structures such as pipeline explosions, transportation accidents, utility disruptions, dam failures, and accidental hazardous material releases; and (3) human-caused events such as active assailant attacks, chemical or biological attacks, cyber attacks against data or infrastructure, and sabotage. A Major Catastrophic Event does not include bugs, operational issues, or other common software related errors.

 

Contact Us

If you have any questions about this Privacy Policy, the practices of our Services, or your dealings with our Services, please contact us at: support@surefront.com

Sure Market LLC
support@surefront.com
Last updated: January 2024