Security Policy

Datacenter security

We use a third-party, top-tier datacenter that maintains several industry-recognised certifications, including ISO 50001, PCI DSS, HDS and ISO 27001.

Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including the UK Data Protection Act, the EU Data Protection Directive, the EU-US Privacy Shield and FISMA, among others.

Server security

Our servers are hardened according to the EU Code of Conduct for Data Centres and the Uptime Institute Tier III design (2014) standards, and include file integrity monitoring (FIM), APT, rootkit detection and DDoS protection. All servers have secured loading docks, a 24×7 on-site security guard, internal and external CCTV with complete site coverage, biometric scans and RFID badges, alarms monitored 24×7, a water mist system and VESDA smoke detectors.

Encrypted transmission

All browser connections and communications are transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorized disclosure, modification, and replay attacks.

Encryption of authentication and session data

All authentication and session data is encrypted with AES-256, ensuring your account credentials and sessions remain protected and unreadable in a stored state.

Continuous scanning

We perform weekly internal and monthly external vulnerability scans to root out the latest in web, application, and system vulnerabilities. Additionally, we perform daily dynamic application scans using a leading web app security scanner.

We also keep looking for ways to improve our security and keep things running smoothly and securely.