Security Practices

1. Introduction

SweepstakesPros' comprehensive security measures include physical and online security techniques to monitor and block irregular activity (e.g., hackers, automated entries, viruses) from disrupting your sweepstakes, contests, and games. Our advanced security techniques help ensure that your promotion will run smoothly, uninterrupted, and error-free. Our protection measures include:

2. Protection for You and Your Promotions

  • Legal Support & Indemnification. We stand behind our work. Subject to your Master Services Agreement (MSA), SweepstakesPros will indemnify you for claims arising directly from the services we provide related to your promotions, including our drafting, review, and approval of promotion rules and marketing materials, and for their compliance with applicable prize promotion laws (unless, of course, you disregard our recommendations).
  • In over 30 years, we have had zero legal challenges to promotions run by SweepstakesPros.
  • We are hands-on experts at creating, running, and managing sweepstakes, contests and promotions.
  • We have run thousands of successful promotions since we were founded over 30 years ago.
  • SweepstakesPros provides access to licensed attorneys in over 100 countries to help ensure your promotions are legal in every country you run them.
  • We are promotions experts. We understand the complex state, federal and international laws that govern sweepstakes and we know what it takes to make your promotion a success.

3. Data Center Security

  • The data collected for your promotions via our Promotions Platform are stored on secure servers hosted on the Amazon AWS cloud platform, located in Virginia, USA. The AWS cloud security infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables SweepstakesPros to deploy high volume promotions quickly and securely. For more information on AWS security please visit http://aws.amazon.com/security/.
  • AWS maintains numerous third-party assessments for its infrastructure (e.g., SOC reports, ISO/IEC 27001/27017/27018, PCI DSS for applicable services). SweepstakesPros leverages these facilities and implements application-level controls appropriate to our services.
  • These data centers feature biometric access systems, data center cages, security cameras, entry/exit audit trails, and are managed 24/7/365 with onsite security staff.
  • Our Promotions Platform and websites employ layered DDoS protection.
  • System access is restricted to authorized personnel and protected by least-privilege role-based access control (RBAC), multifactor security, network segmentation, VPNs where appropriate, and firewall rules. Access is reviewed on a regular basis.

4. Data Privacy Measures

  • Data is encrypted in transit (HTTPS/TLS 1.2+; TLS 1.3 preferred) and at rest with strong industry-standard ciphers and managed keys.
  • We do not sell your data or the data you collect with our Promotions Platform.
  • All application traffic, including authentication, occurs over HTTPS (TLS). HTTPS is available and enforced on all campaigns hosted by SweepstakesPros.
  • We implement controls to support our Clients' GDPR and other privacy obligations (e.g., data minimization, access controls, audit logging, encryption, regional transfer mechanisms). Our Sub-Processors are vetted and bound by data protection terms.
  • Winner Tax Data Controls. Where Clients instruct us to collect winner tax information (e.g., SSN/ITIN/TIN or non-U.S. equivalents) for prize administration and tax reporting, access is strictly limited on a need-to-know basis, data is encrypted at rest and in transit, and files are transmitted via secure, encrypted channels. Such data is retained only for periods required by applicable tax and recordkeeping laws and then securely deleted or irreversibly anonymized (with backups purged on the next cycle).
  • You can learn more about privacy by reviewing our Privacy Policy.
  • Visit our list of Sub-Processors to learn more.

5. Data Loss and Corruption Prevention

  • To keep your data safe, each client's data is stored in separate, secure databases. Your data is never mixed with other clients' data.
  • Backups are encrypted and tested on a regular basis.
  • SweepstakesPros' technology infrastructure provides enterprise scalability, maximum security, and redundancy with firewalls, load-balanced servers, encrypted database servers, IDS/IPS tools, virus protection, and daily backups.
  • Our promotion systems are monitored 24 hours a day, 7 days a week for suspicious activity, errors, issues, potential issues, and performance.
  • Physical access controls are in place to protect hard-copy data and computer equipment. Operational security procedures are devised to minimize the number of storage locations in which personal data is held.
  • Security policies and mechanisms include unique user accounts, disabled shared/guest accounts, RBAC and least-privilege access, strong credential standards with MFA, central logging, timely security patching, antimalware, firewalls, VPNs, and encryption of personal data during transit and at rest.
  • Unique user accounts (with strong password requirements) are assigned to each user. Access to personal data is limited only to user accounts approved to access such data.
  • A clean desk policy is always maintained by SweepstakesPros' personnel. All forms of physical personal data such as promotion entry forms, tax documents, and entry validations are not left out on desks or in open areas when not needed. All confidential materials and data are stored in secure locked areas with limited access.

6. Proper Data Destruction

  • We maintain written data retention and destruction procedures covering digital and physical records (e.g., promotion entries, winner lists, validation letters, tax records, mail, long-term storage). We minimize confidential data collection and securely destroy data when it is no longer needed or at the end of the applicable retention period.
  • All paper documents containing confidential or personal data are destroyed using cross-cut shredders.
  • When IT equipment is decommissioned, storage media is securely wiped (cryptographic erase/overwrite) or physically destroyed prior to disposal.

7. Data Breach Protocols

  • SweepstakesPros ensures the security of client data and confidential information. Our information security incident response process detects, responds to, and reports incidents quickly and effectively. Our systems help ensure that we minimize losses, address weaknesses, swiftly restore system functionality, and maintain business continuity.
  • Comprehensive chain of custody procedures are followed to protect evidence gained during any security incident.
  • Where we act as a processor, we will notify Clients without undue delay after becoming aware of a personal data breach and provide information required to support Client notifications, consistent with our DPA.

8. Employee Education & Internal Protocols

  • Employees who have access to customer data undergo criminal history background checks prior to employment.
  • All employees are required to sign non-disclosure and confidentiality agreements.
  • We provide information and training to our employees regarding privacy and security best practices.
  • Access to systems and data is promptly removed upon role change or separation and verified through termination checklists.
  • To protect our company from a variety of different losses, SweepstakesPros has established a comprehensive insurance program. Coverage includes cyber incidents, data privacy incidents (including regulatory expenses), general errors and omissions liability, workers' compensation, and commercial general liability.

9. Promotion Specific Protections

  • Independent Arbitration & Dispute Resolution. SweepstakesPros will act as the third-party independent judging organization for your promotion. We will interpret the rules and make fair and impartial decisions if issues arise, and we will manage any consumer complaints or inquiries. This helps protect you. By designating SweepstakesPros as the third-party independent judge in the Official Rules of the promotion you, and more importantly your entrants, agree that if an issue or complaint arises, SweepstakesPros will decide how best to interpret the rules and proceed. Our role is designed to provide a clear and efficient process for resolving consumer complaints and promoting fairness in your promotion and can help mitigate potential disputes.
  • Secure Data & Record Keeping. Running a promotion involves strict rules for handling data and keeping records. SweepstakesPros manages this entire process for you, securely storing all promotion data and maintaining records in full compliance with applicable laws.
  • Quality Assurance Testing. Our Quality Assurance Engineers perform rigorous testing of your promotion for functionality, browser support, stability, security and load.
  • Entry Restrictions. Consumers can be limited to entering the promotion based on any criteria such as email address, household, frequency (e.g., once per day), geography (e.g., excluding Florida), age (must be over 18), or any other criteria desired.
  • Child/Minor Participation Controls. We provide configurable age-gating and (where required) parental consent workflows to help Clients address child privacy requirements (e.g., COPPA, CARU). These systems can block child registrations or require parental permission before children can participate in the promotion.
  • Data Collection and Tracking. All visitor tracking and submission data is collected centrally in a secure, redundant, encrypted database.
  • Duplicate Validation. Players can be restricted from entering a promotion multiple times based on any criteria such as name, phone number, email address, household, frequency (e.g., once per day), geography (e.g., excluding Florida), age (must be over 18) or any other criteria desired. SweepstakesPros' advanced duplication algorithms make it difficult to thwart duplication validation.
  • Entry Validation. Sweepstakes entries are validated to ensure that the information is accurate and complete and that all entrants meet the requirements of the Official Rules (e.g., entry frequency, geography, age).
  • Winner Validation. Promotion winners are validated to ensure that their information is accurate and complete and that they all meet the requirements of the Official Rules (e.g., entry frequency, geography, age).
  • Bot Protection. This feature secures your promotion entry forms with CAPTCHA challenges and other security techniques to block spammers, automated programs, and bots from interfering in promotions.
  • Audit Logs. SweepstakesPros maintains complete activity logs and audit trails of all entries, validation errors, winners, and suspicious activities.
  • IP Address Blocking. Hackers are blacklisted by IP address and blocked from disrupting promotions.
  • High Volumes. Our load-balanced cloud-based servers support extremely large volumes of traffic.
  • Fault Tolerance. Our cloud-based systems provide redundancy for hardware, software, power, and bandwidth.

SweepstakesPros takes data security and privacy very seriously. While we can't reveal everything about our security practices (as it can empower the very people we are protecting against), we hope that the information provided in this document gives you confidence in the security of our promotions and the data that you entrust to us.