Confidentiality and Security
As a matter of company policy, access to customer data is compartmented and given strictly on a need-to-know basis. All employees and independent contractors sign a confidentiality agreement as part of their contract, prohibiting the disclosure of all non-public and confidential information during and after their contracts.
Expedited Transcripts has a valid SSL certificate, which establishes a secure connection between your browser and our website.
We work with Sucuri to provide additional monitoring and security, including extensive scanning, firewall protection, DDoS mitigation, and more.
We encrypt all form entries before the information is transferred. This means that field values are encrypted during transit and at rest. Only Expedited Transcripts can decrypt the data by uploading a private key.
Payment Card Industry Compliance (PCI)
PayPal handles all financial processing, including credit and debit transactions, between you and Expedited Transcripts. We do not store, process, or transmit any cardholder data in electronic format. This structure classifies Expedited Transcripts as a Self-Assessment Questionnaire-A (SAQ-A) merchant. We adhere to all applicable Payment Card Industry compliance guidelines.
Storage and Delivery of Documents
We use Citrix ShareFile to store your documents in secure, SSAE 16 audited datacenters. Files uploaded to ShareFile servers are saved with 256-bit AES encryption, and every file has a unique encryption key. When a file is uploaded, it is encrypted before being copied to its storage location. All uploaded files are scanned for malware including viruses, Trojans, and worms. Learn More >
We also use ShareFile to deliver transcripts. Email attachments are replaced with secure ShareFile links, where you can download your documents. Links prevent your documents from sitting in email folders unprotected, and they transfer data with SSL or TLS protocols with at least 128-bit high-grade encryption. Links expire 7 days after delivery. Our copies of transcripts and audio are automatically deleted 1 year after delivery. The one-year retention policy also applies to files stored in customer accounts.