BigTeams takes security of data very seriously. BigTeams works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. We do not rent or sell the Personal Data you provide to us. All data is housed within the United States. All connections to the Website, occur over industry-standard secure TLS connections using a strong cipher and minimum 2048-bit-key size certificate.
The data received from pre-participation forms are only used to complete the information needed to submit eligibility for student athletes and to provide information to the school and district. BigTeams complies with relevant FERPA and HIPAA requirements regarding security and privacy. Only school administrators and staff that have been designated by the school have access to view the information – principal, athletic director and assistants, coach of relevant teams and athletic trainers. BigTeams takes the following security measures: all access to the Services is over HTTPS, access to the physical servers is restricted to senior IT staff, and remote access is only over secure channels. All unnecessary services are disabled; firewalls are configured for each service to allow only approved traffic through. HIPAA and FERPA compliance is maintained through our use of Amazon Web Services (“AWS”).
AWS healthcare compliance links are here: https://aws.amazon.com/health/healthcare-compliance/
AWS FERPA blog: https://aws.amazon.com/blogs/security/ferpa-compliance-in-the-aws-cloud/
Overall AWS compliance info: https://aws.amazon.com/compliance/
AWS Security: https://aws.amazon.com/security/
Websites: We use various service providers to host the data we collect from the Websites, and we use technical measures to secure such data. We ensure a variety of security measures are implemented by such service providers, including firewalls, Secure Socket Layer (SSL) technology, encryption and authentication tools, to help protect your information. We protect your Personal Data with the same or better security measures than we protect our company data. While we use SSL encryption to protect sensitive information online, we also take steps to protect user information off-line. Access to all of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifying information.
When we send emails for notification purposes or for marketing purposes, we use SendGrid. We have verified SendGrid has reasonable safety and security measures in place related to Personal Data. You can learn more about SendGrid’s security policies here: https://sendgrid.com/policies/security/
We also use Salesforce for interaction with those who paid for our product and to handle customer support items. We have verified Salesforce has reasonable safety and security measures in place related to the Personal Data. You can learn more about Salesforce’s security policies here: https://trust.salesforce.com/en/security/
We also use Clickatell as an opt-in service for users of the Services to register and receive notifications by SMS. Clickatell also uses AWS. You can learn about AWS’s security policies here: https://aws.amazon.com/security/
In the event that BigTeams becomes aware of Personally Identified Data is accessed or obtained by an unauthorized individual, BigTeams will take immediate steps to limit and mitigate such security breach to the extent possible. We will provide notification to Customers as soon as practicable and no later than 48 hours of discovery.