Security

We use industry-leading data protection and security measures to keep your information safe:

  • All information in transit is encrypted.
     

  • Internal and external access is restricted.
     

  • All sensitive data is encrypted at our Application servers and then sent to storage.
     

  • We are constantly testing and evaluating our networks and the security of our service providers.
     

  • To maintain the highest level of security, we use penetration tests, thorough code reviews and advanced QA testing processes.

Enterprise Grade Roles and Permissions
 

  • Ability to create organisational structures and permissions.
     

  • Ability to create users and admins.
     

  • Permissions can be applied and given across organisations.
     

  • Enforce separation of duties

Administrator Utilities
 

  • Full audit trail capabilities for administrators.
     

  • Add/edit/remove users, organisations and products.

  • View connections and relationships with other companies.

Hosted at Amazon AWS and Hosted Datacenter
 

  • SSAE-16 Type II compliant data centers.
     

  • Physical security with 24-hour surveillance and biometric access controls.
     

  • Redundant power, cooling, and internet connectivity.
     

Physical/Logical Access
 

  • Physical and logical access is restricted to authorised personnel only.
     

  • All activity is logged and tracked.
     

  • Multi-Factor authentication.
     

  • Separate Non-Production and Production Environment

Data at Rest
 

 

  • All sensitive data is encrypted at the application layer using AES-256/SHA2.
     

  • Data classified as sensitive or above is stored in the DB as encrypted values.
     

  • Document streams are encrypted before being stored in the DB.

     


Data Transit
 

  • All data in transit from client is encrypted over HTTPS/TLSv1.2 using AES-256.
     

  • All internal server-to-server communication is encrypted.

     


Encryption
 

  • Key Management
     

  • Keys are rotated on a quarterly basis.
     

  • Data is re-encrypted on read/write access.
     

  • Keys are encrypted using AES-256.

     

 

Guiding Principle
 

  • Safety first. Encrypt everything that is encryptable.

GDPR Compliance

The EU General Data Protection Regulation, enforced from May 2018, is one of the biggest changes to data privacy regulation for European businesses since 1995.
 

We put security, privacy and data protection at the core of our product and constantly strive to go above the minimum regulatory standards. 
