7 (3).png

How we protect your data

We respect your privacy

We comply with the strongest global data protection regulations including the GDPR and CCPA.  We will never sell or share your data with others without your consent, nor retain it for any longer than we need to for business or legal purposes.

Secure data centres & application security

We carry out stringent reviews of all third parties that we use to process data and ensure their data centres have robust security measures in place. 

All our service providers have certifications in at least one of the following –

PCI-DSS – Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

SOC 2 - System and Organization Controls (SOC) 2 is a comprehensive reporting framework put forth by the American Institute of Certified Public Accountants (AICPA) in which independent, third-party auditors assess and test controls relating to the Trust Services Criteria (TSC) of Security, Availability, Processing Integrity, Confidentiality or Privacy.

ISO 27001 - ISO/IEC 27001 is an international standard on how to manage information security.

We conduct regular network vulnerability testing and contract an independent third-party to conduct penetration testing at least annually.

We maintain disaster and incident response plans to ensure that even in the worst scenarios we are prepared to protect your information. We test and audit these plans annually, to ensure we’re always ready to respond.

Data security

We ensure all sensitive data is encrypted in transit and whilst at rest using strong industry standard encryption algorithms.

We have strong access controls in place for all system administrators, only those that need access for their role have access.  This access is controlled through strong complex password rules and multi factor authentication.

We keep security logs for 12 months to ensure any anomalies can be properly investigated.

We run regular backups of our systems to ensure your data is safe in case of disasters.

 

Security policies, procedures & training

We ensure all personnel are trained at least annually in IT security awareness and training relevant to their role.  All personnel must follow our internal policies and procedures at all times and our developer’s code to industry standards as defined by the Open Web Application Security Project® (OWASP)

GDPR-badge.png
compliant-ccpa.png