Policies and Procedures
If you're looking for something and you don't see it below, please be sure to contact us.
Support Policy
Technical support is often provided in our helpdesk Mon-Fri, 9am - 5pm PST. Support provided outside normal business hours is provided by representatives volunteering their own time during non-business hours. We are located in the United States (Southern California) and only provide technical support in English.
Telephone Support
Telephone support is available but before technical support is provided via telephone, a support ticket must be opened. If the representative is unable to resolve the issue via support ticket, he or she will escalate the ticket to telephone support and will provide the customer with their direct toll-free line to call for further assistance. Telephone technical support is only available during office hours which are Mon-Fri, 9am - 5pm PST.
Refund Policy
We have a 14-day, no-questions-asked, money-back guarantee on all iDevAffiliate licenses. Simple as that! To be eligible for a refund you must have your request in prior to your first month's billing cycle. Individually purchased plugins for self-hosted versions are non-refundable.
Brand/Likeness Usage
Please be sure to use our provided brand assets and link directly to our main website (https://www.idevaffiliate.com/). Get the iDevAffiliate brand assets.
Installation Service
Once installation or setup services have been completed, the fee is non-refundable. This service is only available for the self-hosted version of our affiliate software.
Download Period and Upgrades
With the purchase of your self-hosted affiliate software you receive 1 year of free download and upgrade service. When downloading your product for the first time, be sure to save the download in a safe place. If you need a download and your 1 year of free download service has expired you'll need to purchase the download/upgrade service which is $199.00 for an additional 1 year of service and is non-refundable. If your download period has expired, we cannot send you a download of your original purchase.
Unauthorized Resale of Products
iDevAffiliate Inc. does not allow the unauthorized resale of products and will pursue any means necessary to prevent it. This includes contact from our attorney, an abuse report to your web host and charges filed with local authorities, the Federal Bureau of Investigation (FBI) and the Federal Trade Commission (FTC). It is a Federal crime to illegally resell software on the Internet. Our products are protected under copyright in the USA.
Transfer of License
License keys are non-transferable. We do not allow transfer of license from one owner to another.
Liability
In no event shall iDevAffiliate Inc. (or its employees) be held liable for any direct, indirect, consequential, special and exemplary damages, or any damages whatsoever, stemming from the use or performance of any information, products or services provided through this web site, even if this web site has been advised of the possibility of such damages. Although iDevAffiliate Inc. does its best to maintain the information, products and services it offers on the website, it cannot be held responsible for any mistakes, faults, lost profits or other consequential damages arising from the use of iDevAffiliate Inc. products.
Privacy Policy
If you wish to subscribe to our mailing list, we require your email address. We never sell or rent our databases and we never make your personal information public. We do not engage in SPAM. Any email you receive from us will be with regard to your purchase and/or technical support. By creating a customer account with us, you are automatically joining and agreeing to receive periodic product update emails from us, which you can opt out of at any time.
General Data Protection Regulation (GDPR)
Introduction
The General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to empower EU citizens with respect to their personal data, and to reshape the way organizations approach data privacy. It comes into effect on May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. The reach of the GDPR extends even beyond the borders of the EU. Any organization that markets products and services to individuals in the EU is obligated to comply with the GDPR, regardless of where in the world that company is located.
iDevAffiliate is committed to meeting our GDPR obligations and helping our customers meet theirs. Below are some of the steps we have taken to reach this goal.
Our Responsibilities
The GDPR divides responsibility for data protection between data controllers and data processors. Data controllers determine what data they collect, the purpose of that data collection, and the means, while data processors assist them to complete these tasks efficiently. In the affiliate marketing ecosystem, the marketers and publishers decide when to run or participate in affiliate marketing campaigns and the basic operational framework, meaning that they act as data controllers. iDevAffiliate creates tools to help companies manage their affiliate marketing campaigns. Practically, this means that we act as a data processor when we store and process data relating to individual affiliate marketers and end users on behalf of our customers.
As a data processor, it is our obligation to:
- Only process or transfer personal data on instructions from our customers, the data controllers
- Assist our customers with requests from end users, affiliates, and authorities on privacy-related matters
- Take reasonable and appropriate measures to secure personal data, and submit to regular auditing and testing
- Formally document our privacy and security practices and procedures
- Enter into contracts which reflect these obligations with our customers and sub-processors
The Obligations for Data Controllers
The GDPR significantly expands the responsibilities of data controllers. Among other obligations, data controllers must:
- Understand what personal data they collect, where it is stored, and with whom it is shared
- Identify a legal basis for processing personal data, such as end user consent or a legitimate interest
- Provide end users with relevant information regarding the use of their personal data and give them meaningful options over how it is used
- Respect the rights of data subjects to access their personal data, correct it, request that it be deleted, or receive it in a machine-readable format
- Adopt reasonable and appropriate steps to ensure the security of personal data
There can be more than one data controller for the same information, in which case they are jointly responsible for complying with the GDPR. Companies sponsoring an affiliate marketing campaign should assess together with their affiliates whether the GDPR is applicable to their marketing activities. As joint data controllers, they should divide responsibility for GDPR compliance, such as preparing privacy policies to inform end users of their rights and obtaining consent to process their personal data, if necessary.
Our Solutions
iDevAffiliate has developed several tools and features to help customers fulfill their GDPR obligations. We have prepared a Data Processing Agreement template for customers who process the personal data of EU residents. In addition, we offer the following solutions to some of the most common GDPR challenges.
- International Transfers
Transfers of personal data outside the EU are restricted unless certain conditions are met: the receiving party may be in a country which the European Commission has recognized as offering an equivalent standard of data protection, or the parties may have put in place certain contractual commitments.
For customers concerned about transferring data outside the EU, iDevAffiliate offers a self-hosted version of its software, meaning that end user and affiliate data will not be sent to our servers. iDevAffiliate can also enter into EU Model Clauses with customers who wish to do so.
- Removal of IP Addresses
One of the rights data subjects have under the GDPR is to request that their personal data be suppressed or erased. iDevAffiliate already has a feature which allows account administrators to delete IP addresses from visitor logs in response to such requests. This can be done in the iDevAffiliate administrative center at:
Logs menu (upper right) > Manage Traffic > Individual Customer Logs (tab)
Technical and Organizational Measures (TOMs)
These are the measures we have in place to protect and encrypt your data as well as our Access Control Policy, etc.
- iDevAffiliate is a fully remote company with no physical offices.
- We are a cloud-based SAAS provider using 3rd party services for our infrastructure.
The reason we make note of the above two points: We have no exposure to the physical infrastructure itself. Our SAAS application is hosted by OVHcloud. OVHcloud holds certifications for the following.
- PCI DSS
- SOC 1, SOC 2, SOC 3
- ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701
View the complete list of certifications OVHcloud holds.
Specific Sub-Processors
As a cloud service provider, we use a number of different 3rd party vendors to deliver service to our SAAS customers. We only partner with vendors who provide us with a Data Processing Agreement (DPA), and those that handle data in accordance with the GDPR and equivalent legislation.
| Company | Location | Service Provided | DPA |
|---|---|---|---|
| OVHcloud | United States | Application Hosting (Server and Database) | OVH DPA |
| Cloudflare | United States | WAF / DNS / DDOS Protection | Cloudflare DPA |
| Stripe | United States | Payment Processor | Stripe DPA |
| Paypal | United States | Payment Processor | Paypal DPA |
| Google | United States | Authenticator / Recaptcha | Google DPA |
| Slack | United States | Internal Team Communication | Slack DPA |
| Microsoft Teams | United States | Internal Team Communication | Microsoft DPA |
| Rollbar | United States | Application Error Reporting | Rollbar DPA |
| Atlassian | United States | Bitbucket for Code Version Control | Atlassian DPA |
SSL/TLS Encryption
All service pages handling sensitive data, including login pages, payment processing, etc. use HTTPS w/ a valid SSL certificate. We offer regular certificate audits and instant renewals as needed.
Two-Factor Authentication (2FA)
The administration side of our SAAS product offers a 2FA option that includes Google Authenticator with a renewal option of 30 days. The front-end affiliate dashboard offers a time-based, one-time password reset via email code delivery.
Security Audits and Penetration Testing
Regular audits are performed for identifying vulnerabilities before exploitation can occur. These audits include reviews of systems, policies, procedures and of course code. Penetration testing involves simulated attacks. We execute internal and external pen testing.
Code Implementation
Code-compliant functions are used as standard throughout our service to address:
- SQL injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
Access Control Policy
As a SAAS vendor, we have access to databases and customer data. We do not access any data unless required in the line of standard product support.
Self-Hosted Product
This version of our product is solely installed and hosted on our customer's webserver. That includes files and database. We have no access to any data or files on these webservers and would only obtain access from our client if warranted for support activity, and authorized by our client.
Self-Hosted customers enjoy the same security offering as cloud (SAAS) customers do with regard to regular updates. We maintain and offer regular updates to our self-hosted version. These updates include new features and feature updates as well as security patches (as needed). Updates are issued 2-3 times per year except in the event of a security issue. All security issues receive an instant update/patch and customers are made aware of the available update to keep their installation up-to-date for the latest security.