Axcient holds our partners' data in highest regard. We maintain data integrity and protect partner data through methods that avoid compromise. Our current policy of data destruction is to never remove data unless specifically requested by the partner or data owner or if an account has expired for a substantial length of time. This policy will be updated to match the requirements of GDPR (General Data Protection Regulation) by March 2018; options will be provided to our partners who wish to continue with an unlimited retention policy after these changes have been put into effect.
CloudFinder uses military-grade encryption when transporting data over Secure Sockets Layer (SSL) encrypted connections. From the SSL encrypted connections it routes to an HTTPS stand-alone processes running behind a firewall. Our Server Side Encryption (SSE) uses at minimum 128-bit SSL (128-bit) in transit and 256-bit Advanced Encryption Standard (256-bit AES) at rest. Stored data is only accessed by Office 365 applications from behind a firewall.
Though not yet HIPAA compliant, CloudFinder is undergoing an audit for HIPAA compliance. The current status of our HIPAA compliance for each of our services can be found here: http://www.efolder.net/hipaaservices