logo

Data Protection Policy

Wizard Labs (Invoice Wizard, “we”, “us”, “our” and terms of similar meaning) operates the website hosted at the invoicewizard.io domain and all associated subdomains (the “Website”), as well as the services provided by the Website (the “Service”) in compliance with these terms and conditions of use.

Before you install our app on your store, you must read, understand and agree the terms stated here, and by using the Service you become legally bound by them.

The Service is an online invoicing software for Shopify stores. It is a mobile-compatible web application that allows the design and creation of invoices, packing slips, credit notes, and other document types. The Service is based on the SaaS (software as a service) model and requires a subscription.

Definitions

Electronic financial services that are delivered through electronic means, including, but not limited to, the Internet or other electronic delivery methods.

Encryption is the process of converting data into a form, called cipher text, which cannot be easily understood by unauthorized individuals.

Authentication is the process of verifying that someone or something is, in fact, who or what it is declared to be. Depending on the transactions, a more rigorous authentication process may be required.

Firewall is a hardware and/or software that is designed to examine network traffic using policy statements (ruleset) to block unauthorized access while allowing authorized communications to or from a network or electronic equipment.

Purpose

This privacy policy serves as both a guide and an overview for the management of personal data for users who have a subscription to the Invoice Wizard application.

Details

Invoice Wizard is dedicated to improving customer service through the use of various forms of electronic commerce activities.

These electronic commerce activities include the Invoice Wizard website, email, online invoice system, ACH transactions, ATM system, and online bill payment and services. They also encompass business-to-business transactions where interaction is conducted electronically between Invoice Wizard, its customers, and its business partners using the Internet as the communications network.

Invoice Wizard will establish policies to safeguard sensitive data. Each policy will include certain rules.

It is the standard practice of Invoice Wizard to protect customer data at all times, including when processing electronic commerce transactions. The information must be protected at both the sending and receiving ends of each transaction. To achieve this, several levels of protection are applied to electronic commerce activities.

The process of encrypting transactions ensures that the communication between parties is secure and cannot be intercepted or tampered with. The use of a minimum of 128-bit encryption is employed to protect the data in transmission and storage. Additionally, identity verification is required before conducting transactions, which is typically done through user IDs, passwords, and encryption certificates. System access is managed by assigning different levels of access to applications and data to users, based on their job function. This ensures that only authorized access to specific transactions is granted.

Online invoicing services use multi-factor authentication (MFA) to provide an additional layer of security for verifying transactions. This approach uses multiple methods for verifying the identity of the person conducting the transaction, making it harder for unauthorized access.

Invoice Wizard will use firewalls to protect internal systems from external and internal threats, by reviewing and maintaining the firewall operating systems and configurations. An audit log is kept to track any attempts to access blocked services, and firewalls will be implemented as needed to restrict access to non-corporate or inappropriate sites. The firewalls of vendor-hosted solutions will also be evaluated before they are implemented.

The use of firewall technology helps to regulate and restrict the traffic within the network. It directs outsiders to only approved internal resources, such as web pages while blocking other types of traffic, such as administrative tasks. This reduces the risk of unauthorized access to protected servers. The internal network is also protected from viruses through the use of network-level anti-virus software that is updated automatically on a regular basis. The updates are automatically loaded to each PC to provide the most current virus protection. Email is also scanned before delivery to prevent the potential entry of a virus into the network.

The IT department is protected by a card access system that only allows authorized personnel to enter. Sensitive data, hardware, and software are stored in a secure data center, which is monitored by IT staff, and access is restricted to a small number of authorized personnel. Invoice Wizard follows the practice of changing administrative passwords and revoking card access privileges when there is any change in IT staff. In addition to on-site storage, Invoice Wizard also stores overnight backups of critical systems data and replicated Storage Area Network storage at a secure off-site location, in case of disaster or other critical situations.

The IT staff regularly receives training and reviews all procedures at least once a year or whenever major system additions or changes are made.

The staff passwords are set to expire every 45 or 90 days on the host data processing system, requiring users to update their passwords. This measure, along with a strict company policy against sharing or disclosing passwords, is in place to prevent unauthorized access to systems and data. When there is a change in status from the Human Resources Department or other management team members, the IT staff promptly removes user access codes from the relevant systems.

Invoice Wizard is aware that e-commerce security concerns change on a daily basis. New threats to security, safety, and accuracy arise constantly, and system vendors release updates and patches regularly to address them. To maintain the security of key system components, Invoice Wizard will schedule regular consulting and audit oversight with a nationally recognized expert in e-commerce security, who may also provide technical assistance as new e-commerce features are added to the system, to ensure the ongoing safety and security of the existing systems.

Invoice Wizard uses various forms of data communication lines, including dial-up phone lines, direct point-to-point circuits and other private and public network connections. Data transmissions are secured, encrypted, and/or password protected as necessary.

Sensitive Data

Invoice Wizard will identify all confidential, restricted and highly restricted data throughout the application and across three categories, data-in-transit, in-store, and in-use. In identifying the sensitive data, Invoice Wizard will define the scope for which the DLP solution will be used. Each data set analyzed will be evaluated for the efficiency of using DLP products, whether the data is non-sensitive or if the DLP would be an effective tool in further securing the data. DLP products work by using signatures to identify restricted data when it is crossing boundaries. To identify the critical data and create its signatures, a process called fingerprinting is used. Data is stored in various forms and locations throughout the application, and requires identification. Various DLP products come with a discovery engine that crawls all searchable data in a given data store, indexes it, and makes it accessible through an intuitive interface that allows quick searching on data to find its sensitivity and ownership details.

Response Program

If Invoice Wizard suspects or detects that unauthorized individuals have gained access to member information systems, it will report such actions to the appropriate regulatory and law enforcement agencies in accordance with Invoice Wizard's information security response procedures.