Updated Jan 2021
We are committed to protecting your work and keeping your data secure. We therefore follow best practice in our security procedures and use the best security tools to keep your work and data safe. Our data protection procedures are compliant with the EU General Data Protection Regulation (GDPR).
Here are some of the measures we employ.
We use a third-party, top-tier datacenter that maintains several industry-recognised certifications, including ISO 50001, PCI DSS, HDS and ISO 27001.
Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including the UK Data Protection Act, the EU Data Protection Directive, and FISMA, among others.
Our servers are hardened according to the EU Code of Conduct Datacentres and the Uptime Institute (2014) Tier III design standards, and include file integrity monitoring (FIM), rootkit detection and DDoS protection. All servers have secured loading docks, a 24×7 on-site security guard, internal and external CCTV with complete site coverage, biometric scans and RFID badges, alarms monitored 24×7, a water mist system and VESDA smoke detectors.
All browser connections and communications are transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorized disclosure, modification, and replay attacks.
Encryption of authentication and session data
All authentication and session data is encrypted with AES-256, ensuring your account credentials and sessions remain protected and unreadable in a stored state.
We perform weekly dynamic application scans using a leading web app security scanner.
We also keep looking for ways to improve our security and maintain our systems to ensure everything runs smoothly and securely.