Security and Privacy Policy
Cueto & Cueto, Inc. takes your privacy and online security seriously. We encourage you to read this security and privacy policy and contact us with any questions or concerns. Use of the Cueto Event Services website or any of the instances of the Cueto Event Management Software implies your consent to these policies. We may update this policy at any time but the most recent version will always be posted on this page.
Unless you contact us, you are not required, nor do we ask you, to provide any personal information to browse the Cueto Event Services website. We respect your desire to remain anonymous.
Instances of the Cueto Event Management Software are licensed to our customers for the purposes of managing one or more aspects of a special event. We require all new customers to provide a visible privacy statement on their copy of the software. While you must agree to our customer's privacy policy to use their copy of the software, Cueto & Cueto's security and privacy policies on this page still apply, and supersede the customer's policy for matters of security and protecting end user information.
If you use the volunteer management portion of the software, you must create an account and provide your name, address, emergency contact information, e-mail address and a list of any medical concerns that might impact your work.
If you use the ticket sales or volunteer payment portion of the software, you must provide billing information, including your name, address, phone and e-mail, and credit card payment information. Your billing information will be stored in case our customer needs to contact you, but we do not store your payment information, except for the card type, the last four digits of your credit card number and the six digit authorization code returned by the credit card processor.
Our web server logs, which contain your IP address, web browser information, and your request, are kept for up to a month to identify any security concerns and then deleted permanently.
To view, change or delete your personal information, log in to the Cueto Event Management Software for your event. Use the "Settings", "Personal Information" or "Directory Listing" page, depending on your account type, to view or change your information. Please contact us if you'd like us to delete your information at any time.
Cueto & Cueto does not share, sell or release your information with anyone outside of our company or contracted to do work on behalf of our company, with the exception of compliance with laws, law enforcement or legal proceedings.
During normal use of the website the following third party services may be given access to some of your personal information to perform certain tasks:
- Amazon Web Services (E-Mail, Uploaded File Hosting) - Name, e-mail address, uploaded file contents (privacy policy)
- Authorize.Net (Credit Card Processing) - Payment information, name, address, contact information, order details (privacy policy)
- CyberSource (Credit Card Processing) - Payment information, name, address, contact information, order details (privacy policy)
- Duo Security (Two-Factor Authentication) - Name, e-mail address, phone number (privacy policy)
- Optimal Payments/Paysafe (Credit Card Processing) - Payment information, name, address, contact information, order details (privacy policy)
- PayPal (Payment Processing) - Payment information, name, address, contact information, order details (privacy policy)
- scanii (Uploaded File Virus Scanning) - Uploaded file contents (privacy policy)
- Shift4 (Credit Card Processing) - Payment information, name, address, contact information, order details (privacy policy)
- Twilio (Text Messaging) - Cell phone number (privacy policy)
Your information is only sent to these services when performing specific tasks. For instance, your payment information will only be sent to a single credit card processor and only when you initiate a transaction.
If you are using an instance of the Cueto Event Management Software, please read our customer's privacy policy, which dictates the personal information sharing policy for that particular instance. Cueto & Cueto is not responsible for any actions taken by our customers with regards to your information.
We make every effort possible to protect your personal information:
- All online communications involving login details, personal information or payment information are sent and received over an encrypted channel using Secure Sockets Layer.
- Any information collected is stored in a secure, password-protected database, behind a firewall. Each instance of the Cueto Event Management Software database is secured with a fresh, randomly-generated password which is not made available to our customer. Only two Cueto & Cueto employees have access to this list of passwords.
- Our web and database servers are isolated from the rest of our corporate network and run regularly-updated virus scanning software. We check for operating system updates on a daily basis and run daily malware and virus scans on our servers.
- We perform regular security audits, both on the servers and any running instances of the Cueto Event Management Software.
Cueto & Cueto is a United States company and all customer data is stored in the United States. If you do not consent to the storage of your information in the United States, please do not use any instances of the Cueto Event Management Software.
We are strongly opposed to all forms of tracking software and respect your desire to remain anonymous when using our website or web-based products. If you log in to one of the instances of the Cueto Event Management Software, you will get an ASP.NET session cookie which stores your current session ID in an encrypted form, which is usually deleted when you close your browser. Otherwise, we employ no forms of tracking or analytics software.
To help protect users and prevent security issues, our server sends a Content Security Policy back with each request which specifies the type and location of valid images, styles, scripts and other page elements. If a customer's site requires page elements outside of our default policy, we audit each file to ensure it meets our security standards before adding a per-event addition to this whitelist. Tag managers of any kind are explicitly forbidden because they remove our direct control over scripts.
Some of our clients may use web analytics software, such as
Google Analytics to track visitors to and from their instance of the event management software. We do not allow integration with any package that does not have an explicit privacy policy and the ability for users to easily opt out. If you have concerns or would like information on opting out, please
contact us.
The Cueto Event Services website and any instances of the Cueto Event Management Software may contain links to external websites. We are not responsible for the content or security and privacy policies of any other website.
To better protect the security and privacy of our clients, and the customers of our clients, use of the Cueto Event Management Software for purposes of duplication, reverse engineering, data theft or data farming is strictly prohibited and will result in the immediate termination of service.
We encourage you to contact us with questions or concerns about our security and privacy policies. Please use the
Contact page to do so. Due to our travel schedule it may take us several days to respond to your concern.