Policies and Plans

Privacy Policy

Last Updated January 3, 2020

LoanPro Software strongly supports and believes in security and privacy. The following policies and procedures outline how we protect customer data.

INFORMATION THAT WE COLLECT - LoanPro Software collects information about both our Free-Trial and paid SaaS Clients. This information includes personally identifiable data that you provide directly such as name, phone, address, company name, and data gathered by our software such as browser type, time, location, and IP address from which the software is accessed. LoanPro Software does not offer services or sell products to children and does not request or knowingly collect personally identifiable contact information from minors.

COOKIES - The software we provide may set cookies in your web browser to store information during a period of software use. This information is necessary for various tools and features of the software including the collector queue, search parameters, and other features that use cookie data.

WHAT WE DO WITH COLLECTED DATA - LoanPro Software uses collected, non-personally-identifiable data to analyze and review our products to improve and enhance them. We also offer business opportunities to our clients on an opt-in basis for products or connections that we deem relevant to that Client. We may use the data collected and share it in the normal operation of business to provide services that are integrated with our offerings. We may also share data with affiliated companies to market these integrated products and services; however, any products and services offered will be offered on an opt-in basis only. Note: LoanPro Software does not sell personally identifiable data to unrelated third parties (no cold calling). LoanPro Software shares information with its related entities only in accordance with strict data security procedures.

DATA OWNERSHIP - All information or feedback that is provided to LoanPro Software, LLC becomes the express property of LoanPro Software, LLC with no intention or requirement of compensation for said material. During the Free-Trial period, use of data entered into LoanPro Software is governed by section 2 of the Agreement. After the Client's activation of the paid SaaS is completed, ownership of data is governed by section 4 of the SaaS agreement.

PUBLICITY - Unless Client agrees to be included in our public Client list or reference list, LoanPro Software shall keep current client lists private. LoanPro Software will not broadcast or create a press release announcing the agreement between the parties unless agreed to by both parties.

CONFIDENTIAL INFORMATION - Confidential Information is defined in the SaaS Agreement section 1.13. The party receiving Confidential Information will not disclose it to any person or use it for any purpose, except as expressly permitted by the Agreement. The receiving party may disclose Confidential Information only to its employees and contractors who need to know such information and who are bound to keep such information confidential. The receiving party will give Confidential Information at least the same level of protection as it gives its own confidential information of a similar nature or sensitivity, but not less than a reasonable level of protection. The receiving party will maintain Confidential Information in a safe and secure place and will not copy such information, except to the extent reasonably necessary for the purposes of this Agreement.

DATA SECURITY - LoanPro Software, LLC takes at least industry-standard precautions to protect our customers' information. When customers submit sensitive information, it is protected using safe and secure methods reasonably available. LoanPro Software, through its use of PCI-Wallet, which holds a PCI DSS Level 1 AOC Certificate, is fully PCI Compliant. In addition to PCI compliance and data encryption, we also use industry-standard security procedures to protect data offline. Our employees use customer-provided support codes to gain access to data in order to provide support. Through this system, a record is automatically kept of who authorized such support and who provided the support. All data access by LoanPro Software is restricted to within our pre-approved office locations and data center. Only employees who need the information to perform a specific job are granted access to personally identifiable information. Our employees must use a secure shell (ssh) to access this information and must also be allowed access from a specific IP address within our offices. Furthermore, all employees are kept up-to-date on our security and privacy practices to avoid security breaches through what is called "social engineering." Important details and changes are discussed in staff meetings and email memos. Finally, the servers on which we store personally identifiable information are kept in a secure environment, protected by a firewall and kept in a secure room in our data centers for physical security, currently with Amazon AWS.

CCPA - LoanPro Software helps its customers with the California Consumer Privacy Act (CCPA) compliance. LoanPro stores the following categories of data for its customers:

  1. Identifiers - This information potentially identifies an individual.
  2. Customer Records - This information is stored in the form of documents attached to a customer file.
  3. Internet Activity - This only includes IP address.
  4. Employment Information - This is information on an individual’s employment.

Under CCPA, customers can request a report of personal information that is currently stored, or can request that personal information is deleted. LoanPro provides a report of stored personal information for customers that can be generated, downloaded, and provided to them. LoanPro will also comply with requests to delete any customer data that falls under CCPA.

While LoanPro does not sell customer data, we have enabled tracking of whether a customer has opted out of the sale of their data. This can be updated at any time upon customer request.

NOTIFICATION OF CHANGES - If we ever need to change our privacy policy, we will post those changes on this page. Please review our Privacy Statement often to keep yourself aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

Why? Software & Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires lenders to tell you how they collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depend on the product or service you have with us. This information can include:
  • Business EIN, address, contact information, and other business information
  • Agent user's name and contact information
How? All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons LoanPro Software, LLC chooses to share; and whether you can limit this sharing.
| Reasons we can share your personal information | Does LoanPro Software, LLC share? | Can you limit this sharing? |
| --- | --- | --- |
| For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations. | YES | NO |
| For our marketing purposes - to offer our products and services to you. | YES | NO |
| For joint marketing - with other financial companies. | NO | We don't share |
| For our affiliates’ everyday business purposes - information about your transactions and experiences. | YES | NO |
| For our affiliates’ everyday business purposes - information about your transactions and experiences. | NO | We don't share |
To limit our sharing
  • Call 1-800-559-4PRO
  • Visit us online: loanprosoftware.com
  • Contact us via email: legal@simnang.com
Please note: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice unless you have expressly directed us to immediately share your information. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
Questions? Call 1-800-559-4PRO or go to loanprosoftware.com
Who we are
Who is providing this notice? LoanPro Software, LLC
What we do
How does LoanPro Software protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does LoanPro Software collect my personal information? We collect your personal information, for example, when you:
  • Open an Active or Trial Account
  • Use your payment profile on file
  • Use our websites
  • Give us your contact information

We also may collect your personal information from others, such as affiliated partners, other companies, social media, government agencies, and public records to comply with government requirements to know our customers.

Why can’t I limit all sharing? Federal law gives you the right to limit only:
  • Sharing for affiliates’ everyday business purposes
  • Affiliates from using your information to market to you
  • Sharing for non-affiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

Affiliates: Companies related by common ownership or control. They can be financial and nonfinancial companies.
Non-affiliates: Companies not related by common ownership or control. They can be financial and nonfinancial companies.
Non-affiliates we share with can include service providers and integrated partners for feature offerings.
Joint Marketing: A formal agreement between non-affiliated financial companies that together market financial products or services to you.
Our joint marketing partners include financial institutions, service level providers, industry consultants and other lending companies.
Other Important Information

Data Backup Policy

Last Updated August 9, 2019

LoanPro operates on the AWS (Amazon Web Services) platform. This gives us the ability to provide several data backup features. All LoanPro database servers are hosted in AWS RDS, using an Aurora MySQL engine cluster in either provisioned or “serverless” mode.


Hot Standby — Our company employs a real-time hot standby database for all operating SQL databases. Data is synchronously replicated automatically to multiple availability zones, even if the database itself is hosted in a single availability zone. This provides data redundancy, but also allows for instance failover. In the event of a failure, the cluster automatically selects a read replica to be promoted as master with minimum service interruption (within 30 seconds) with no manual interaction required.

For serverless engines, failover time is currently undefined (typically under 10 minutes), because it depends on demand and capacity availability in other availability zones.

Point-In-Time Recovery — Our company utilizes Point-In-Time Recovery (PITR) for the entire database. This is achieved through Amazon RDS automated snapshots and Aurora backup data. We have the capability to restore the database to one of the existing daily snapshots (up to the past 7 calendar days) or to a specific point in time in the same period, typically within 5 minutes.

Daily Backups — Our company utilizes the snapshot feature of Amazon RDS to do daily incremental backups, up to the past 7 calendar days. These daily backups are redundantly stored in Amazon Simple Storage Service (S3). Amazon S3 redundantly stores data in multiple facilities and on multiple devices within each facility. To increase durability, Amazon S3 synchronously stores snapshot data across multiple facilities before confirming that the data has been successfully stored.


All documents, images, and files uploaded to the software are hosted in Amazon S3 cloud storage with versioning. This versioning allows us to retrieve not only the most recent version of the file, but up to the last 100 saved revisions of the file.

Please note that backup procedures and data-retrieval protocols are based on Amazon’s current product line, which is subject to change. If Amazon changes its products or services in a way that materially, adversely affects LoanPro and its customers, LoanPro will use all reasonable efforts to negotiate a remedy with Amazon, or to find a substitute provider or method to provide the same service.

Data safety and integrity are top priorities at LoanPro. We take the safety of your business data very seriously.

Disaster Recovery Plan

Business Continuity & Disaster Recovery Plan

Last Updated August 2, 2019


It is our top priority to make our clients’ data available when and where they need it, in the cleanest, most organized way feasible. The purpose of this Disaster Recovery & Business Continuity Plan is to outline how we will fulfill this purpose, even if a disaster were to affect our operations.


A disaster is any event or circumstance that restricts our ability to deliver our software to our customers for more than 24 consecutive hours, or that prevents us from operating out of our current facilities for more than 1 week.

Order of Recovery

In the event of a disaster, the following would be the priority for recovery of our operations:

1. Continuous Delivery of Our Software
2. Software Development Operations
3. On-Demand Support
4. Onboarding
5. Software Development
6. Business Administration
7. Sales
8. Project Management
9. Marketing

Company & Software

We have architected our applications to facilitate automatic scaling or adjustment (fail-over). This keeps our applications running as seamlessly as possible, and limits downtime and recovery time, in the event of a disaster. We have also taken steps to ensure adequate data backup (See Data Backup Policy), rapid data recovery, and geographically diverse systems and personnel.

Responsibilities & Roles

LoanPro Software has well-defined roles for our team members, in the event of a disaster, to ensure efficient recovery of the application. These roles and responsibilities are in force even outside times of disaster. They cover the following areas: Preparation, Testing, Identification, Assessment, Containment, Eradication, Recovery, Post Mortem.

Customer Notification

In the event of a disaster that has an impact on the LoanPro Software application, our organization will provide updates on the third-party provided Status page.

Software Application

Our software operates inside of the AWS (Amazon Web Services) Cloud platform. This provides us with significant disaster recovery options. We operate with a “hot standby” database which continuously mirrors data from the primary database and a “pilot light” system to enable more server power on the fly when needed for queued job processing and web traffic. AWS servers and databases are available in various geographically-diverse zones to insure against a localized disaster. This can all be managed remotely through an AWS dashboard allowing for quick deployment and automated scalability as needed. On the EC2 platform the current AWS service commitment is to provide 99.9% monthly uptime.

We utilize Amazon’s world-class data centers, which are highly secure data centers equipped with state-of-the-art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access is authorized strictly on a least-privilege basis. Environmental systems are designed to minimize the impact of disruptions to operations. Data centers located across multiple geographic regions (Availability Zones) allow for the effective mitigation and management of disasters. For the worst-case scenario, we have architected our system deployment to include the streamlined ability to deploy the application to a new AWS region, if necessary, in a matter of hours.

Support & Phone System

We utilize VoIP phone systems with a fallback to landlines (or cell) in case of power or internet outages. In addition, at all of our support centers we operate with multiple internet providers and onsite backup generators in case of power outages. If a disaster were to disable our office for an extended period of time, we have the ability for support staff members to work remotely until the disaster is resolved. This allows us to continue to serve our clients throughout the disaster.

Geographic Diversification

We have diversified operations in multiple locations, including our headquarters in Farmington, Utah, USA. In addition to our headquarters we have small offices in Phoenix, Arizona, USA, and Hermosillo and Guadalajara, México. This diversification ensures that a local disaster will not affect our entire team. We also utilize servers across two continents that are backed up in geographically separate locations. This will ensure that at least part of our team has Internet access to be able to continue providing assistance and support to our clients. Our headquarters operates with redundant internet providers to ensure constant connectivity to provide service to our Clients.

Non-Time-Critical Recovery

PCI Wallet has insurance to cover our building, furniture, computers, etc. at our offices. Luckily, due to a stellar software architecture design in the AWS Cloud, recovery time for items that impact our clients should be very limited. In the event of a disaster, our physical office is not required in order to have the application fully functional.

LoanPro has implemented measures to mitigate the threat of disaster.

Database Failure - In the event that one or more of our primary databases fails, we employ a synchronized backup database, in a separate geographic location, that will take over. Should every primary database and corresponding hot standby fail, we keep 30 days' worth of daily server backups, which are stored on Amazon's S3. Every 30 days, these data backups are stored in a magnetic format that can be put into service in 24 hours if all other backups fail. See Data Backup Policy for more details.

Server Failure - LoanPro has spent significant time structuring our code to make it possible to add new server instances on the fly. If any server fails, we can automatically create a new server and bring it into service. In addition we employ a dynamic load balancer to route traffic automatically which will result in limited/no impact to our clients in the event of a server failure.

Security Breach - LoanPro employs the latest security measures and testing to keep unauthorized users out of our software. Customer databases are separated to keep users from unauthorized data access. LoanPro stores personally identifiable information with a minimum of 256-bit encryption, making data that was illegally accessed very difficult, if not impossible, to use. Please review our data security breach policy for more details on how such an event would be handled.

Significant Loss of Personnel - LoanPro employs personnel in multiple countries across many geographic areas. While a reasonable number of them work at our main office, many of them, including a portion of our key personnel, work in satellite offices of sufficient distance that they would not all be affected by a localized disaster. Our company has policies and procedures in place that allow us to conduct normal business even if we suffer a significant loss in personnel.

Loss of Key Personnel - In the event that LoanPro loses a significant number of key personnel, there is an established hierarchy in place that dictates seniority among existing officers. LoanPro has also worked hard to document its policies, procedures, relationships, and code base to enable new and existing employees to carry on company operations if key personnel are lost. We have implemented a company knowledge base that includes documentation on every area of the business in an attempt to decentralize information and eliminate "islands of knowledge".

System Monitoring - We have both automatic 24x7 system monitoring as well as a rotating on-call Development Operations team monitoring the software application at all times. This business policy results in very short response times to address any disasters that may occur.

Data Security Breach & Incident Management Policy

Last Updated August 02, 2019


LoanPro Software enforces rigid security protocols to prevent data security breaches. These controls cover data access by all parties, and data-storage procedures including encryption, rotation of keys, firewalls, and other security measures. The purpose of this document is to outline our policies and procedures in the event that our data security is breached.

Security Measures

At a minimum, LoanPro Software uses industry-standard practices to protect our customers' information. Sensitive information is protected using the most secure methods that are reasonably available.

Payment Profile Information — LoanPro Software integrates with PCI Wallet, a sister product, for the storage of payment information and payment processing. PCI Wallet is PCI compliant and maintains a PCI-DSS Level 1 Attestation of Compliance (AOC). LoanPro is integrated according to PCI standards and never directly interacts with payment data.

Data Access — Data access is restricted by username and password authentication. LoanPro offers a multi-factor authentication option to further protect against unauthorized access.

Our personnel have access to client data only when the client authorizes the access by providing a support code. Records are kept for each support transaction, which include information about the authorizing party and the authorized support representative. All data access by LoanPro Software personnel is restricted to within our offices through IP filtering. A record is kept of any changes made inside a client account by LoanPro personnel. Our hiring process includes a full background check of any new employee.

Employees are granted access to information on a need-to-know basis. Employees are regularly trained on our security and privacy practices to avoid security breaches through social engineering. Changes to privacy and security policies are also disseminated immediately through staff meetings and memoranda.

Employees who are authorized to access LoanPro databases must have their IP address whitelisted in order to do so. Access is only permitted through a secure shell (ssh). Permissions to hardware, environments, and data are configured per user, using the principle of least privilege. All servers are housed in Amazon data centers, which use the latest in firewall and other security technology.

Please see our Privacy Policy for more details on security measures.

Incident Management

LoanPro will take the following steps in the event of a data breach: identify and close vulnerabilities, reinforce, report.

In the Event of Data Breach

Identify and Address Attack Points

If a security breach occurs, our first action will be to identify the vulnerability that allowed the breach to occur. Once a point of vulnerability is identified, our team will implement the necessary configuration, code, or controls to limit and/or close it. This includes the reinforcement of security protocols. For more information on identifying incidents, see the Incident Identification Policy.

We have self-contained and external monitoring that continuously runs on our system. The primary responsibility to identify and address vulnerabilities falls on the on-call personnel in each department of our software division. Once a vulnerability has been identified, our entire software division is responsible for identifying and mitigating vulnerabilities. Department responsibilities are as follows:

| Responsibility | Department(s) |
| --- | --- |
| Identify Vulnerability | Software Development, Development Operations |
| Eliminate/Mitigate Vulnerability | Software Development, Development Operations |
| Test Vulnerability Fix | Software Development, Development Operations, Quality Assurance |

Provide Notice

LoanPro Software will provide timely and appropriate notice to affected parties, when there is reasonable belief that a breach in the security of private information has occurred. A breach in security is defined as an unauthorized acquisition of information from LoanPro Software. If it is determined that an external notification to the affected individuals is warranted, the following procedures will apply:

  1. Written notice will be provided to the affected individuals through the postal service, unless the cost is excessive or insufficient contact information exists. The evaluation of cost and the determination that cost is excessive will be the decision of the LoanPro Software CIO and its legal counsel.
  2. If written notice to the affected individuals is not reasonably possible, one or both of the following methods will be used to provide notice:
    1. Email
    2. Status Website


Security breach incidents are investigated fully after a fix for these events is put in place. Our internal and external monitoring keep a detailed log of all events. Access to these logs is also tracked. Access to the logs is given to personnel on a least-privilege basis. The tracking of access to logs serves as the chain of custody documentation for evidence of a breach incident.

If the breach was the result of actions of Simnang personnel, and the breach was not malicious in nature, a formal reprimand will be included in the individual's personnel file. If the same individual causes three breaches, without malicious intent, the individual’s employment or association with Simnang will be terminated.

Report to Authorities

Any attempt to circumvent data security is a violation of the SaaS Agreement. All attacks on LoanPro Software IT resources are infractions constituting misuse, vandalism or other criminal behavior. If the perpetrator of a security breach incident is identified, their information will be reported to law enforcement. When an incident is identified, it is the duty of any Simnang employee or contractor to report the incident to his or her direct supervisor.

If a LoanPro client or affiliated party suspects or can confirm an information security breach, the breach should be reported to LoanPro Software, either via email to security@simnang.com or by calling (800) 559-4PRO. LoanPro Software will investigate each report. Once the incident is dealt with, the reporting party will be notified of its conclusion.

Private Information

If the data in question is defined as personally identifiable and was not in an encrypted format, a public notification may be warranted. For the purposes of this policy, data is defined as personally identifiable if it includes a name (first and last name or first initial and last name) in combination with any of the following: Social Security Number, Bank Account Number, Credit or Debit Card Account number with security access, or password that would permit access to the account. Personal information that is publicly and lawfully available to the general public, such as address, phone number, and email address, is not considered private information for the purposes of this policy.

Incident Types

Unauthorized Physical Access


Our office is relatively small and employees are able to easily recognize a non-employee. Any visitor who has access to more than our reception area is also required to wear a visitor's badge and provide identification. If unauthorized access is gained, Simnang adheres to a clean-desk policy, which requires all information on paper, white boards, etc. to be destroyed before the end of each day.

Passwords are required for all Simnang computers. System access and access to sensitive data also require authentication through passwords. On top of this, no customer data are stored directly on computers located on our premises, but are housed in the cloud.

Additionally, our office entrances are monitored by cameras 24 hours a day. These cameras continuously record everyone entering the office. If motion is detected after hours, an alert is sent to key personnel informing them of what is happening. The cameras provide the option of a live stream that can be viewed remotely by our personnel. Recordings from these cameras are kept for 30 days.

Recovery & Remediation

If unauthorized physical access is discovered, the proper authorities will be notified and provided footage from our in-office cameras. An assessment will be made to determine if anything was stolen, or if information could otherwise have been taken.

Passwords for our software applications, company GSuite accounts, Monday.com, and Zendesk will be administratively reset to ensure they aren’t used to gain unauthorized access to sensitive data.


Because unauthorized physical access does not guarantee unauthorized access to information, notification about a physical breach will occur when unauthorized access to information has occurred or seems reasonably likely.

LoanPro Software will provide timely and appropriate notice to affected parties, when there is reasonable belief that a breach in the security of private information has occurred. A breach in security is defined as an unauthorized acquisition of information from LoanPro Software. If it is determined that an external notification to the affected individuals is warranted, the following procedures will apply:

  1. Written notice will be provided to the affected individuals through the postal service, unless the cost is excessive or insufficient contact information exists. The evaluation of cost and the determination that cost is excessive will be the decision of the LoanPro Software CIO and its legal counsel.
  2. If written notice to the affected individuals is not reasonably possible, one or both of the following methods will be used to provide notice:
    1. Email
    2. Status Website

Information System Failure


We employ Pingdom and SumoLogic to continuously monitor our system and check for system failure. Our systems continuously monitor available disk space, CPU, RAM and Network load. For more information on system monitoring, see Operating Procedures.

Recovery & Remediation

When the system fails, our on-call developers are our method of first response. On-call programmers are available 24x7x365. Our on-call development staff is responsible for making adjustments or fixes, where needed, in order to bring the system back online.

Remediation and recovery may also require help from our business personnel to make sure the customer data is updated in a timely manner. Updates to customer data will always occur, but if there is a system outage, it can help if our system updates loans in a specific order.


If customers will be affected by a system outage, they are always notified via email as soon as possible. This notification may occur in the middle of the night, which is why email is the preferred method of notification. These notifications usually contain information about the outage, what is being done to fix it, and what the customer can or should do, if anything, to help the situation.

Malware Activity


Anti-virus scans are performed on a weekly basis on all workstations. Anti-virus software is updated continuously to ensure that all the latest known malware is scanned for. The system also logs information on the following:

  • Web Application Firewall
  • File Integrity Monitoring (FIM)
  • Application Exceptions
  • Web Server
  • Database Server

These logs are reviewed daily through Sumo Logic.

Recovery & Remediation

All Simnang products employ backups of both the code base and customer data. If malware is found on any of the workstations, the typical procedure is to eradicate the malicious software, assess the impacts, and recover the data or roll back the code if necessary.


If customer data is affected, or if the system will be down for any period of time, a post will be made to our status page and an email sent to the administrative user for affected customers.

Denial of Service


We employ Pingdom and SumoLogic to continuously monitor our system and check for system failure. Our systems continuously monitor available disk space, CPU, RAM and Network load. For more information on system monitoring, see Operating Procedures.

Recovery & Remediation

If the source of the denial of service is internal, the procedure is to fix the issue within our own system. If it’s an external attack, we will employ additional servers, where needed, while the source of the attack is identified and dealt with.


Denial of service notifications will be made through our status page.

Incomplete or Inaccurate Data


Our systems monitor file integrity and notify us of any issues. Logs of this monitoring can be queried to investigate any issues.


If we discover data problems, notification will be made to affected customers after the root cause of the loss of data integrity is discovered. Notification will most often occur via email.

Confidentiality Breach or Loss


Our systems are continuously monitored for potential unauthorized access. If confidentiality has been breached and a Simnang employee has allowed access to our systems by an outside party, suspicious activity will be detected based on the accessing IP address.

Recovery & Remediation

If access to the user interface has been obtained by an unauthorized party, their activity in the software will be stamped with their user information. This makes it possible to identify and undo the changes they have made in the software.

If access has been gained to our code base or databases, our logs will show the activity taken by unauthorized parties. This activity can then be undone using our data backups or code base backups.


If customer data has been stolen as a part of the breach, our customers will be notified with as much information as is available about what was taken.

System Exploit


System exploits are identified through weekly penetration testing. We run OWASP ZAP tests and document test results.

We also perform monthly testing to identify new vulnerabilities. If these vulnerabilities are introduced by a third party library, plugin, or application, they are thoroughly researched in order to understand and mitigate their effects.

Finally, we perform yearly internal penetration testing to identify vulnerabilities in our own system security.

Recovery & Remediation

When a system exploit is found, the vulnerability is patched by our development and/or development operations team.


If a system exploit allowed possible access to customer data, or affected customers in other ways, customers will be notified of the breach via email. The email should include a description of the exploit and measures that the customer can take to guard against its effects, if any.

Unauthorized Logical Access


We perform a weekly review of user access and activity in the AWS Console and servers.

Recovery & Remediation

If access has been gained to our code base or databases, our logs will show the activity taken by unauthorized parties. If the activity was destructive, it can be undone using our data backups and code base backups. If sensitive information was taken, a report of the information will be made to the proper authorities.

Accounts and access are reviewed quarterly to ensure that access is not being granted where it shouldn’t be and that inactive accounts are deleted.


All potentially-affected customers will be notified of unauthorized access and its potential effects via email. The email will be sent to the administrative user for each Simnang account.