We take the security of your data very seriously.
We secure the software with a multi-layered, best-in-class approach.
All connections between user browsers and the application servers are via 256-bit SSL encryption with only the latest cyphers.
SSL (HTTPS)
Add multiple administrator accounts, restricting access to relevant areas of the admin portal. All access is logged for a minimum of 90 days.
Access-controlled admin
All back-end access requires two-factor authentication. You can choose to require this level of security for all admin users.
Two-factor authentication
You can choose a low, medium or high password complexity for your employees or you can implement Single Sign-On with SAML for maximum security.
SSO and employee password policies
All data files uploaded are encrypted with client-specific keys using AES-256 which are regularly rotated.
File encryption
Development, staging and production environments are physically and logically separated, with no real customer data loaded to the development or test environments.
The development team are fully trained and updated on the OWASP Top 10 security flaws, and we conduct frequent vulnerability scanning of the web application.
Source code repositories undergo regular scheduled security scanning by static code analysis tools.
Secure development
Application is third-party penetration tested once a year with results available upon request.
Third party auditing
Secure cloud hosting.
We host where the world’s biggest online services hosts. Amazon Web Services (AWS) is home to NASA, Netflix, Expedia, Pinterest, Slack, Goldman Sachs, Workday, Zendesk, Reddit, Airbnb - and your future employee recognition program.
In addition to the high-level AWS security controls, all web servers are physically and logically separated from customer data on our database servers. Firewalls and intrusion detection systems protect our application and database servers, all monitored 24/7. Only those who require access are granted access rights with all activity monitored and recorded.
Read more about the AWS hosting service, access controls, reliability and disaster recovery here and more about security here.