RTRT.me - Real Time Race Tracking

Real-Time Race Tracking for World-Class Events

RTRT.me - IT Security Policy ( 2019-01-09 )



About this Policy

This is the IT Security Policy for Dilltree Inc (“Dilltree”, “RTRT.me”, “us” or “we”). RTRT.me is committed to securing and protecting your information from misuse.

Data Security

RTRT.me implements many security safeguards designed to protect your data. Some practices include:

  • HTTPS and TLS (Transport Layer Security) to transfer along with Strict-Transport-Security headers. Unsecured “http” requests are not allowed when interacting with our sites or services.
  • Servers in a Virtual Private Network. Communications between servers is encrypted and done via private addresses.
  • Firewall blocks access from public networks.
  • Data encryption for all storage.
  • Intrusion detection and sysadmin alerts for unusual activity.
  • Regular updates to services ensuring latest security patches.
  • Limited access to information for users based on roles.
  • System keys rotated and managed securely.

While no method of transmitting or storing data is completely secure, we continually monitor our systems and use all commercially reasonable methods to keep personal information securely in our files and systems.

Business Continuity

RTRT.me has a robust infrastructure and IT support model designed to ensure business continuity in the case of hardware failures, network issues and/or misc. disasters. Some practices include:

  • Systems: Redundancy and replication across multiple regions and multiple availability zones (isolated networks). Fail-over is automatic within regions and manual across regions. All systems and services are continually monitored by software agents and sysadmins are alerted at the first sign of trouble.
  • Staff: Staff are cross-trained in each others roles and work from various physical locations including USA (Florida, New York, Georgia, Illinois, Indiana, Colorado) and France (Paris). The IT team has on-call a minimum of two trained professionals at all times and is available 24/7 to handle any emergency IT related matters (software, security or infrastructure).

Data Breach:

RTRT.me implements security and privacy standards based on guidelines set under GDPR by the European Data Protection Regulation. In the unlikely event of a Data Breach, we follow the timelines and practices as defined here: https://gdpr-info.eu/art-33-gdpr/. For more information, please see our Privacy Policy.

Data Privacy

See https://rtrt.me/legal/privacy

SLA

See https://rtrt.me/docs/misc/service-level