Employee Screening: We perform background screening on all employees.
Training: We provide security and technology use training for employees.
Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.
Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
Audit Logging: We maintain and monitor audit logs on our services and systems (our logging systems generate gigabytes of log files each day).
Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.