Data Privacy & Security Statement

Alstar Brokerage Solutions (“Alstar”) is committed to providing best-in-class insurance agency management solutions and commission automation software for the insurance industries. Our software can be referred to as an all-in-one Business Management System (BMS) or Database Management System (DBMS). In support of this commitment, Alstar has developed information security risk management policies to ensure the confidentiality, integrity, and availability of the data that is uploaded to the Alstar Network via the Alstar ATOMS™ software and services.

At Alstar, we prioritize the privacy and protection of your personal information. This Data Privacy and Security Statement outlines how we collect, store, use, and protect your data when you engage with our website and services. By using our services, you agree to the terms outlined in this privacy statement.

1. Information We Collect

We collect personal information that you provide to us directly when you interact with our website, sign up for our services, or contact us. The types of personal data we may collect include:

  • Personal Identifiable Information (PII): Name, email address, phone number, job title, company name, etc.

  • Account Information: User ID, login credentials, and other details necessary for your account management.

  • Payment Information: Billing address, credit card details, and other payment-related information.

  • Usage Information: Information about your interactions with our website, such as IP addresses, browser type, device type, and session data.

  • Cookies and Tracking Data: Information collected via cookies to enhance your user experience and provide analytics on site usage.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, manage, and improve our services.

  • To process payments and transactions related to your use of our services.

  • To communicate with you regarding service updates, support inquiries, and important changes to our services or policies.

  • To send marketing materials, updates, and promotions (if you have opted in to receive them).

  • To ensure the security and proper functioning of our website and services.

  •  To comply with legal and regulatory requirements.

3. How We Protect Your Information

We take data security seriously and employ industry-standard measures to protect your personal information. These include:

  • Encryption: All sensitive data, such as payment information, is encrypted using Secure Socket Layer (SSL) technology during transmission. Other communications are end-to-end encrypted using the Elliptic Curve Cryptography (ECC) enabled Transport Layer Security (TLS) protocol version 1.2 or higher with a minimum of 256-bit encryption for personal data in transit.

  • Firewalls & Anti-virus Protection: We maintain robust firewalls and anti-virus systems to safeguard against unauthorized access.

  • Regular Security Audits: We conduct regular security audits, including penetration testing and vulnerability assessments using tools like Netsparker, to identify and address potential vulnerabilities.

  • Infrastructure Security: We ensure that our infrastructure, including servers, databases, and networking equipment, are securely configured and constantly monitored. Our systems undergo regular updates and patches to maintain their security posture.

  • Activity Monitoring: Network and database activities are logged and actively monitored for potential security events, including intrusion attempts.

  • Access Control: Access to our data is only to authorized personnel who require the information to perform their job duties. External access is strictly forbidden and restricted. Our internal security policies are enforced across the board.

4. Third-Party Services, Data Sharing and Risk Management

We manage third-party risks through established internal policies and agreements reviewed by our appointed legal advisors. We have two lawyers on board to ensure all business arrangements and third-party risks are handled appropriately.

We do not sell, rent, or share your personal data with third parties for marketing purposes. However, we may share your data with trusted third-party service providers who assist in delivering our services, processing payments, or improve our offerings. These third parties are bound by confidentiality agreements and are only permitted to use your data for the specific purpose for which it was shared.

We may also disclose your personal information in the following cases:

  • To comply with legal or regulatory obligations.

  • To protect the rights, property, and safety of ALSTAR Solutions, our customers, and the public.

  • As part of a business transaction (e.g., merger, acquisition, sale of assets).

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your user experience on our website and to analyze how our services are used. Cookies help us remember your preferences, track the effectiveness of our marketing campaigns, and improve our website.

You can control the use of cookies through your browser settings, including the option to disable them. However, please note that some features of our website may not function properly if cookies are disabled.

6. Physical Security Controls (Data Center)

  • Access to the Data Center Providers' data center facilities is restricted to authorized personnel only.

  • The Data Center Providers' data center facilities are secured by professional security guards and monitored by closed circuit television 24/7.

  • A physical access control system (ID card and/or access code) has been implemented at entry and exit points of the Data Center Providers' data center facilities.

  • All visitors must be escorted by an employee of the Data Center Providers or, in some cases, a permanent badge-holder at all times when visiting the Data Center Providers' data center facilities.

7. Availability and Disaster Resistance (Data Center)

  • The Data Center Providers' data center facilities are designed, built, and maintained to withstand reasonably foreseeable adverse weather and other natural conditions.

  • Processing capacity is monitored on a daily basis.

  • The Data Center Providers have installed and maintain at least the following environmental protections:

    • Cooling systems

    • Battery-powered backup electrical supply and/or backup electrical generators

    • Redundant communications lines

    • Smoke/fire detectors

    • Automatic fire suppression systems

  • The status of environmental protections is continuously monitored by the Data Center Providers.

  • Environmental protections are tested and maintained regularly by the Data Center Providers.

  • Alstar has implemented a disaster recovery plan, which is periodically tested. The IT systems’ architecture of Alstar Service includes redundant backups of critical hardware and software components.

8. Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: You may request access to the personal data we hold about you.

  • Correction: You can request that we correct or update your personal information if it is inaccurate or incomplete.

  • Deletion: You may request the deletion of your personal information, subject to applicable legal requirements.

  • Opt-out of Marketing: You can opt-out of receiving marketing emails or other promotional communications by following the unsubscribe instructions in any communication we send.

To exercise these rights, contact us at contact@alstarsolutions.com

9. Business Continuity

We have established a business continuity plan to ensure security controls are maintained during an emergency or recovery mode. We define a "Hypocalypse mode" where our Network Admin, CTO, and Lead Developer monitor and configure emergency database transfers to new servers, firing up backup servers while resolving server failures. We also have DNS update capabilities to switch to a new server location and transaction log shipping enabled on all our databases.

9. Data Security Measures and Tools

We employ industry-standard security practices and tools to ensure the integrity and protection of all data:

  • Encryption: All sensitive data, such as payment information, is encrypted using Secure Socket Layer (SSL) technology during transmission. All communications between your browser and our servers are end-to-end encrypted using the Elliptic Curve Cryptography (ECC) enabled Transport Layer Security (TLS) protocol version 1.2 or higher with a minimum of 256-bit encryption for personal data in transit.

  • Firewall Protection: Our systems are protected by commercial-grade hardware firewalls, and only authorized personnel can access sensitive resources.

  • Netsparker: We regularly use Netsparker, an automated web application security scanner, to identify vulnerabilities and ensure the security of our web applications.

  • Penetration Testing: We perform annual penetration testing to simulate real-world attacks and identify weaknesses in our infrastructure.

  • Anti-virus: All servers and workstations are protected by up-to-date anti-virus software to mitigate the risk of potential malware and other security threats.

  • Access Control: Only authorized personnel have access to our sensitive data, and our internal security policies are enforced across the board.

10. Changes to This Privacy Statement

We may update this privacy statement from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to periodically review this statement to stay informed about how we are protecting your information.

11. Contact Information

If you have any questions or concerns about this privacy statement or our privacy practices, please contact us at:

  • Email: contact@alstarsolutions.com

  • Phone: 604 936 3336

  • Address: #128 - 11860 Hammersmith Way, Richmond, B.C. V7A 5G1, Canada