Privacy and Security Policy

Privacy and Security Statement

At UltraCamp, the security and privacy of all our users—both organizations and their clients—is our priority. We work to make certain that user data is stored securely, using some of the most advanced Internet security technology available today. The purpose of this Security Statement is transparency regarding our security infrastructure and practices and to reassure you that your data is appropriately protected.

Privacy Policy

For each visitor to our Web page, our Web server automatically recognizes no information regarding the domain or email address.

We collect information volunteered by the consumer, including individually identifiable information and other nonpublic personal or financial information. We do not knowingly distribute, sell or otherwise transfer this information for any reason, except as required by law or contract. UltraCamp strives to remain compliant with applicable data protection laws including but not limited to the Payment Card Industry (PCI) and the Health Insurance Portability and Accountability Act (HIPAA).

With respect to cookies: We use cookies to record session information, such as items that consumers add to their shopping cart.

Persons who supply us with their telephone numbers online will only receive telephone contact from us with information regarding orders they have placed online.

With respect to Ad Servers: We do not partner with or have special relationships with any ad server companies.

From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change at some time in the future we will post the policy changes to our Web site and send written notification to you of these changes and provide you with the ability to opt out of these new uses.

Upon request we provide site visitors with access to unique identifier information (e.g., customer number) that we maintain about them, transaction information (e.g., dates on which customers made purchases, amounts and types of purchases) that we maintain about them, contact information (e.g., name, address, phone number) that we maintain about them.

Consumers can access this information by logging into their account at www.ultracamp.com.

Upon request we offer visitors the ability to have inaccuracies corrected in contact information, financial information, unique identifiers, and transaction information.

Consumers can have this information corrected by calling us at the above telephone number, or by logging into their account at www.ultracamp.com.

With respect to security: When we transfer and receive certain types of sensitive information such as financial or health information, we redirect visitors to a secure server. UltraCamp uses an iframe with tokenization for credit card payments and does not store or have access to your payment card data. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site.

If you feel that this site is not following its stated information policy, you may contact us.

Application and User Security

SSL/TLS Encryption: All communications with the ultracamp.com website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.

User Authentication: User data on our databases are logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. UltraCamp issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.

User Passwords: All passwords are individually salted and hashed.

Data Encryption: All data is encrypted on our servers. Payment Information is not stored in UltraCamp at all and is instead stored in your separate gateway through Network Merchants.

Data Portability: In addition to having access through our cloud-based service, UltraCamp also enables you to export your data into a variety of formats so that you can back it up or use it with other applications.

Physical Security

Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) is collocated at one or more third party data centers. We own and manage all of our equipment located in those data centers. All user data is stored on servers located in the United States.

Data Center Security: Our third party data centers are staffed and surveilled 24/7. Equipment is kept in locked cages further restricted and secured by security guards, visitor logs, and entry requirements such as passcards and biometric recognition.

Environmental Controls: Our equipment at the data center is maintained at controlled temperatures and humidity ranges which are continuously monitored for variations. Smoke and fire detection and response systems are in place.

Availability

Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.

Power: Servers have redundant internal and external power supplies. Data center has backup power supplies, and is able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.

Uptime: Continuous uptime monitoring, with immediate escalation to UltraCamp staff for any downtime.

Failover: Our database is log-shipped to standby servers and can failover in less than an hour.

Network Security

Uptime: Continuous uptime monitoring, with immediate escalation to UltraCamp staff for any downtime.

Third Party Scans: Weekly security scans are performed by ControlScan.

Firewall: Firewall restricts access to all ports except 80 (http) and 443 (https).

Access Control: Secure VPN, multifactor authentication, and role-based access is enforced for systems management by authorized engineering staff.

Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.

Storage Security

Backup Frequency: Backups occur hourly internally, and daily to a centralized backup system for storage in multiple geographically disparate sites.

Production Redundancy: Data stored on a RAID 10 array. O/S stored on a RAID 1 array.

Organizational & Administrative Security

Employee Screening: We perform background screening on all employees.

Training: We provide security and technology use training for employees.

Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.

Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to- know / least privilege necessary basis.

Audit Logging: We maintain and monitor audit logs on our services and systems (our logging systems generate gigabytes of log files each day).

Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.

Software Development Practices

Stack: Stack: We run on SQL Server 2019 and Windows 2019 Server.

Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if UltraCamp learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems and with your own staff access, to keep any data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of data, but it is your responsibility to ensure that your system is configured to use that feature where appropriate.

UltraCamp customer support is limited to camp administrators only. If you are not an administrator, please contact your camp or organization directly for assistance.