Teamvine Information Security Policy
Teamvine Information Security Policy
Core Security Principles
We build security into our services to protect your information
Teamvine products are built with robust security features to protect your information. We regularly monitor and review our procedures and policies to help us detect and prevent security threats. If we do detect something risky that we think you should know about, we’ll notify you and help guide you through the steps to stay better protected.
Infrastructure Overview
There is a distinction between the Teamvine desktop application and the Teamvine portal
Desktop Application: This is the application that end-users will have installed on their work devices. They will open this application and enter a room code and pin code to access a Teamvine session. This information is then sent to the Teamvine portal for verification to grant access. Other than players moves, little information is passed from the desktop application, none of which is PII (Personally Identifiable Information)
Portal: The Teamvine Web Portal is the online platform from which a facilitator will enter the end user’s email address to send them their Room Code and Pin Number (via email). An end-user may log onto the portal, for example, to see details of upcoming events. The end-users may enter their name, and phone number but this is not necessary for gameplay.
Cyber Security
How we secure your data
User accounts are protected by a hashed (encrypted) password that no one can read (not even the database administrator). Password checking is performed by a cryptographic process that uses the submitted password in conjunction with the stored hashed password to check validity. At no point is a plain-text version of the password stored.
User details (i.e. email and, if they have been entered, name) may be viewed by the database administrator and portal administrators (i.e. Teamvine administrators). Facilitators may only see details of users associated with their subscription. General users can only access their own data. Hence, we employ the principle of least privilege (POLP) – i.e. users are only given access to the data they need to function effectively in their role. We will not share any data with a third party without your explicit consent.
All data is held on MySQL database hosted by AWS and is therefore governed by AWS’s security protocols. For detail on this, please see https://aws.amazon.com/rds/features/security/
Data Privacy
We only hold onto information for as long as it is needed to provide services to our users. If a user wishes to (a) see what info Teamvine stores about them (b) change this information or (c) request for this information to be deleted, they can do so by emailing support@teamvine.io and providing proof of their identity.
Complete information on Teamvines Privacy Policy can be found here: https://teamvine.io/privacy-policy/