Playground’s commitment to security
We take the safety, security and privacy of user data very seriously. We are committed to using the best technology and security systems to protect this information. We adhere to strict policies that respect the privacy of our users. We promise ongoing improvements to ensure the safety, privacy, and reliability of your Playground experience.
All personal information is stored by Google Cloud, one of the most-trusted, highly secure, cloud-based data storage solutions. Playground uses TLS and HTTPS across the entire app and website for all client-server communication. Only users with authorization can access Playground. Our website uses a Secure Sockets Layer (SSL) to protect your data with 256-bit encryption and industry standard authentication mechanisms to ensure that your data stays secure. This means that all data passed between Playground servers and your browser remains private.
We keep backups and routinely test our backup and restoration procedures on staging environment in the case of a production cybersecurity event. Our compliance team routinely tests recovery capabilities in the unlikely instance of a server outage. Additionally, Playground is able to recover from a disaster or cybersecurity event quickly - we have a monolith backend that is easy to replicate on new hosting environments if needed to transfer to a different cloud provider. Start up times are less than 4 minutes to deploy.
Access to a child’s information through Playground is provided only to the child’s primary guardians by their center. Once primary guardians have access to Playground it is at their sole discretion to share their child’s information with other family and relatives if they choose to do so. This access can also be revoked at any time at the discretion of the primary guardians.
Financial data security
Playground does not store any confidential banking information. We use a trusted 3rd party provider (Stripe) that uses the highest levels of encryption on bank transfers. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
No one at Playground has access to customer banking records. All families using Playground for payment must complete a two-step authentication process to verify their accounts.
In our commitment to reliability, Playground centers enjoy 99.9% uptime.
Playground has exhaustive logging of all record access. We have automated checks to look for activity that is suspicious such as repeated failure to access information. We also manually review failures to look for activity that could attempt to breach our security.
Playground has active logging of all requests to our system to document and track all network traffic through Playground. We have several active and passive tracking systems to check for bad actors such as notifying the team of all malformed and failed requests, alerting the team and denying service to those who repeatedly have failed or malformed requests, alerting administrators when other users with administrative access are added to the system to prevent account takeovers. We also have other systems in place to actively track all access to documents and data in Playground so we have a history of who has accessed each record and our automated systems can detect strange patterns or attempts at access by those who are unauthorized. Additionally, our team has automated tests and processes for detecting potential security vulnerabilities.
We use replica servers to ensure that even if one server or database goes down, we have replicas who can still process requests. Access to our system is managed by the administrator, and we have several safeguards such as email alerts when new administrators are added to help prevent account takeovers. There are automated safeguards such as forced log out after an expiry period, password complexity requirements, and more. We run nightly backups that are maintained for a minimum of 3 months in hot storage and keep weekly and monthly backups in cold storage for a minimum of 5 years. All data on Playground is encrypted and transferred using current best practices on data security. Google Cloud Platform uses the highest levels of security for all of their data and storage as well. (link to GCP)
Have any questions or concerns?
The privacy and safety of your child’s information is our highest prioritiy. If you have any questions at all, please do not hesitate to contact us.