FunnelEnvy

  • Website
    https://www.funnelenvy.com
  • Compliance

    • CCPA

      On January 1, 2020, the California Consumer Privacy Act (CCPA) changed how businesses must handle the personal information of California residents. CCPA was designed to provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement for residents in the state of California. FunnelEnvy implements and honors all aspects of CCPA, which includes the following key protections for California residents:

      • Each visitor has the right to know what personal information is being collected and whether that information is sold, transferred or disclosed and to whom. We maintain a clear privacy policy to ensure it’s easy to understand what data we collect and the third parties we work with to process data.
      • The right to opt out of the sale of personal information. Opt-out requests should be emailed to security@funnelenvy.com.
      • The right to access or delete personal information collected by FunnelEnvy. Requests to delete personal information should be emailed to security@funnelenvy.com. We maintain internal processes to safely delete personal information upon request.
      • The right to equal FunnelEnvy services and prices, regardless of privacy choices. Residents who choose to exercise their rights may still become FunnelEnvy customers without penalty or retribution. We are committed to a policy of non-discrimination.
    • EU-US Privacy Shield

      FunnelEnvy is a member of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. These frameworks were designed by the U.S. Department of Commerce, the European Commission and Swiss Administration to provide organizations on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the U.S. in support of transatlantic commerce.

      Our current Privacy Shield status can be found on the Privacy Shield website.

    • Swiss-US Privacy Shield

      FunnelEnvy is a member of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. These frameworks were designed by the U.S. Department of Commerce, the European Commission and Swiss Administration to provide organizations on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the U.S. in support of transatlantic commerce.

      Our current Privacy Shield status can be found on the Privacy Shield website.

    • GDPR

      The E.U. General Data Protection Regulation (GDPR) strengthens and standardizes data protection laws for all individuals within and traveling inside the European Union (E.U.). FunnelEnvy implements and honors all aspects of the GDPR, which include:

      • Expanded privacy rights for individuals: data subjects within the E.U. have the right to be forgotten and the right to request a copy of any stored personal data.
      • Responsibility to implement appropriate security: organizations subject to the GDPR must implement appropriate security controls and policies, including the completion of privacy impact assessments, records on data processed and held, and strict management of vendors.
      • Data breach response and notification: data breaches must be reported to data protection authorities, customers, and under certain circumstances, affected data subjects.
      • Profiling and monitoring requirements: the GDPR stipulates strict security and privacy rules on organizations engaged in profiling or monitoring of E.U. individuals.

      Data Processing Addendum (DPA)

      This addendum includes all required terms for GDPR compliance, plus Standard Contractual Clauses which serve as a safeguard to govern transfers of personal data out of the EU/EEA/Switzerland.

      Sign Data Processing Addendum (via HelloSign)

      Download Data Processing Addendum (PDF)

    • ISO 27701

      Since 2018, FunnelEnvy has maintained an active, ISO 27001-certified Information Security Management System (ISMS) for its operations. We follow the specified security management best practices and security controls, and maintain a rigorous information security program. ISO 27001 is a widely recognized international security standard which specifies that we:

      • Systematically evaluate our information security risks, evaluating the potential impact of threats and vulnerabilities.
      • Maintain a comprehensive suite of information security controls and other forms of risk management.
      • Operate an overarching management process to ensure that our information security controls are effective.

      FunnelEnvy’s ISO 27001 auditor and registrar is A-LIGN. A certificate of registration is available upon request.

    • SOC 2 Type II

      FunnelEnvy meets the criteria for security in the American Institute of Certified Public Accountants (AICPA) TSP Section 100A, Trust Services Principles and Criteria. We complete SOC 2 Type II audits on an annual basis. A copy of FunnelEnvy’s most recent SOC 2 report can be provided upon request.

  • Threat Management

    • Responsible Disclosure

      FunnelEnvy’s steadfast commitment to security requires that it investigate all reported vulnerabilities. If you would like to report a vulnerability or have a security concern regarding our services, please contact our team at security@funnelenvy.com. Along with your email, please provide any supporting material (code, system or tool output, etc.) that will help us to understand the nature and severity of the vulnerability. Our team will review the submission and will respond with next steps.

      The information that you share with FunnelEnvy as part of this process is always kept confidential. It is not shared with third parties without your permission.