Effective Date: December 17th, 2017

Data Security Policy


The purpose of this Policy is to describe Miestro’s security policy regarding personal information collected and processed Miestro by Miestro’s online services (“Policy”).

Specifically, this Policy is intended to identify Miestro’s policies, procedures, and auditing and training practices utilized for data security, and our resulting responsibilities to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Miestro operates an online, software-based platform that enables Vendors to manage their own Affiliates as marketing partners (the “Affiliate Platform”).

Personal Information

Miestro provides its customers (Vendors and Affiliates) with rights to access and use the Affiliate Platform. In this capacity, we process information that our customers input into our system. This customer information is stored in a secure facility on hardened systems using industry standard data security methods. Access to this information is restricted to authorized personnel only as dictated by operational policies and instructions from the customer which provided the information.

Miestro collects personal information from identifiable persons for purposes of product registration and support, and from responses through our online Contact Us information. This information may be stored on Miestro’s internal computer network or in offline filing systems. Access to this information is restricted to authorized personnel only as dictated by operational policies.

Approach to Security

The following sections describe Miestro’s comprehensive approach to ensuring enterprise-wide compliance with its Policy. This consists of four (4) major areas: Security, Personnel Education, Audits and Contracts.

In addition, Miestro has outsourced its Internet Data Center to Amazon’s EC2 and S3 services. A description of the security protocols for these services is attached as Exhibit A.


Security of data is the cornerstone of verifying privacy of data. Miestro maintains a rigorous security posture through focused methodology. It is founded on the implementation of best practices and security policies in five (5) major areas providing enterprise wide coverage including:

Regulatory Controls

Organizational Controls

Service Provider Controls

Standardized Process and Practices

Business Partner Control.

Key policies in place that contribute to the verification and compliance with the Policy are:

Awareness and Training

Personnel Practices

Administrative Roles and Responsibilities

Network and Telecommunications Security

Incident Detection and Reporting

Malicious Code Control (Antivirus)

Portable Computers

Logical and System Access

Physical Access

Remote Access

Firewall Management

Third Party Services

Software Licensing and Appropriate usage

Auditing and Monitoring

Data Classification, Confidentiality, Integrity and Availability

Policy Compliance

Operational procedures demonstrating compliance with the Policy are:

Change Control

Event monitoring

Data backup

System hardening

The above referenced policies and procedures are documented and available for review.

Our Personnel

Our personnel consist of employees and contractors.

Personnel Education

Miestro regularly notifies and reinforces its Privacy Policy with its personnel. This is done using the following process:

The Privacy Policy is distributed company-wide via email upon employment and when updated.

The Policy is displayed on Miestro’s website.

At least once per year, the Policy is presented and discussed at a company-wide meeting.


The Policy is self-verified periodically by Miestro’s Security Officer. The Security Officer is responsible for:

Ensuring that the policies, guidelines, internal procedures, personnel training, and other measures necessary to implement the Policy are developed and put into practice,

Working with Miestro’s legal counsel to ensure Miestro’s ongoing compliance with applicable privacy laws and agreements, as well as any of Miestro’s other related legal obligations, and

Overseeing annual assessments of Miestro’s internal and external practices to ensure that they conform to the Policy and related company obligations.

In addition, Miestro, through its internal audit processes, conducts an audit of its security controls a minimum of once per year. This independent review assesses the physical security, network security and operational policies and controls in place to protect customer data.


Prior to (i) processing any personal information on behalf of an individual or entity, or (ii) transferring any personal information Miestro requires contracts with data security provisions as required by the Policy.

As a condition of employment, all Miestro personnel must sign a confidentiality agreement. This agreement includes a provision that addresses personnel responsibility regarding compliance with the Policy.

IN WITNESS WHEREOF, the undersigned Security Officer of Uncommon Grounds, Inc. hereby accepts this Data Security Policy and agrees to implement all terms and conditions thereof.


Justin Burns, Security Officer



Amazon Web Services: Overview of Security Processes

November 2014

(Please consult for the latest version of this paper)

Create Stunning Online Courses With The Fastest Platform Available And Broadcast It To The World In A Matter Of Minutes