X Close



Trust Section

As a leading provider of enterprise consent and preference management solutions, we understand how important it is to protect our customer’s data. Just as we go to great lengths to protect our client's privacy, we do the same to protect their data and provide a high level of system performance and reliability. We protect your data by implementing and following a strict protocol of security and compliance measures.

PossibleNOW’s Data Centers: Our highly secure data centers are hosted at QTS facilities with extensive physical and virtual safeguards in place.
Data Security Certifications and Policies: Our policies and practices are designed to provide our customers with peace of mind for regulatory compliance.
Privacy Policy: See how we’re committed to earning and maintaining our customers’ confidence.


Data Centers

PossibleNOW understands that the confidentiality, integrity, security and availability of our customers' information are vital to their business operations and our own success. We have stringent standards and processes in place to ensure data safety and integrity while maintaining a high-level of performance.

PossibleNOW's services are hosted on dedicated platforms at highly secure data centers. We have a data center in Suwanee, Georgia and another in Irving, Texas (view links for data center specifications and details).

Highlights of the access security measures in place include:

  • Visitors to the data center must present a photo ID, have their photo taken for a badge, and be escorted by authorized PossibleNOW personnel.
  • PossibleNOW's data center has its own private security force. The data center is staffed 24/7/365.
  • Numerous authentication factors are used to prevent unauthorized access including badge cards, biometrics and security guards for physical access, and access control devices for logical access.
  • PossibleNOW servers are locked in a private cage accessible only by badged, authorized PossibleNOW personnel.
  • Biometric access controls include fingerprints and iris pattern scanning for access to restricted areas.

Many of the additional security measures in place at the Suwanee, Georgia and Irving, Texas data centers are proprietary and confidential. To view QTS’s stated security measures, visit their site here. The following provides a high-level description of some of the additional security measures in place.

Hardware and Encryption

PossibleNOW's Data Center has CCTV monitored on a 24/7/365 basis and a private security force. There are no personal computers in the data storage area, only servers which are housed in a secure private cage. Any hardware brought into or removed from the data center is tracked and records are kept by Data Center Services (Quality Technology Services, the data center owner) and PossibleNOW's facilities manager. PossibleNOW's data center uses an environmentally-friendly power supply system that incorporates a steady stream of power from the local utility company and back-up power using constant power supply (CPS) and diesel generators. With the CPS system, there is no need for battery-powered UPS units.

PossibleNOW offers SSL for secure HTTP connections between a customer's computer and our servers in the data center. Any data that is sent encrypted remains encrypted. Additionally, intruder detection as well as fire detection and suppression systems are in place. Server, firewall, and critical system logs are reviewed, at a minimum, on a daily basis.

Disaster Recovery

All customer data is stored in secure QTS data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore application services in the event of an outage or loss of a primary data center.

PossibleNOW's network components and servers use a redundant configuration to help ensure availability. All customer data is backed up daily with incremental backups made hourly. Backups are made to disk and disks are archived monthly off-site by Iron Mountain in their secure facility.

Network Security Measures

PossibleNOW's Systems Department is charged with securing all network resources, both centralized and decentralized, and has the responsibility and authority to monitor network traffic to confirm that security practices and controls are adhered to and are effective. All security monitoring shall be executed in accordance with PossibleNOW Information Security policies. PossibleNOW maintains certain privacy and security certifications as well as policies `that apply to all information handling processes.

Data Security Certifications & Policies

PossibleNOW recognizes that our customers are subject to laws that govern the handling of personal information. As such, we seek to maintain compliance with such laws by providing a comprehensive privacy and security program that includes certifications, policies, practices, people, and technology.

PossibleNOW maintains a Service Organization Control (SOC) report
to provide assurance and detailed insight into the design and operating effectiveness of internal control systems implemented in our DNCSolution® and MyPreferences® platforms. Service Organization Control (SOC) reporting was developed by the American Institute of CPAs (AICPA) to provide a data security framework for service providers. Our successful completion of a SOC 2 Type II examination demonstrates that our company and our products have clear guidelines and proven procedures for managing customer data as it relates to security, availability, and confidentiality.

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. As an entity operating in global markets PossibleNOW and its Subsidiaries receive personal data from EU or Swiss individuals. PossibleNOW and its Subsidiaries are Privacy Shield certified to confirm its commitment to complying with the Privacy Shield principles.

Security Training & Communication

PossibleNOW’s comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.

Upon hiring, each employee undergoes training on PossibleNOW's Information and Data Security policies and must sign a statement that they have received such training. Updates to the Information and Data Security training are conducted as necessary throughout the employee's tenure at PossibleNOW.

PossibleNOW strongly encourages all customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks. PossibleNOW contacts customer administrators about specific security issues when warranted. Additionally, all PossibleNOW personnel are required to follow PossibleNOW's confidentiality, privacy, and information security policies.

Default Privacy and Security Features

Application features that protect customer data:

  • Connections to the PossibleNOW services are via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
  • Application logs record the individual who created each record, the creator, last modifier, timestamps, and IP address for every transaction completed.

Logical separation of customer data:

  • Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
  • Multi-tenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.

Network security measures include:

  • Network and host-based firewalls
  • Intrusion-detection sensors
  • Security event management system
  • External vulnerability scanning

Read our FAQs about our Consulting Services.