Audits & Certifications
Our partners’ datacenter maintains ISO27001, SOC 1 Type II, and PCI compliance among other industry-standard certifications.
You can request our full security kit toward the bottom of this page.
Your data is housed in the United States at ViaWest’s Richardson, TX datacenter (ViaWest Richardson Data Center). This is the case for customers from the European Union as well as other worldwide locations.
ViaWest has a dual-standard SSAE 16 and ISAE 3402 Service Organization Control (SOC) 1 Type II, SOC 2 Type II, and SOC 3 reports covering each of ViaWest’s data centers to include operations, policies and procedures, and physical and environmental security controls. ViaWest also has facility-specific PCI and HIPAA compliance reports for physical security and information security policies. Additionally, ViaWest annually registers its adherence to the US-EU Safe Harbor Privacy framework.
We lease our own dedicated (iron) servers. We don't use any cloud hosting across our platform.
We send data over HTTPS (an encrypted channel) to our platform. We also encrypt passwords and other network credentials entered into the software.
We take extreme precautions to safeguard our platform. This includes the following measures deployed at our selected ViaWest datacenter (see datasheet for details):
o CCTV cameras inside and out
o Zoned-access control key card system with secure turnstiles
o Access list
o Visitors escorted at all times within the building
o Intrusion detection systems
o Security guards on-site 24/7
o Security patrol of complete business site
o Perimeter electric fencing
o Secured loading dock
o Complete location above sea level
o VESDA fire detection
o Gas based fire suppression
o Outside of flight paths
o Constant monitoring of security systems and alarms 24/7/365
Monitoring & Testing
We use internal and third-party systems to monitor the confidentiality, integrity, and availability of our platform. If an incident occurs, a team of engineers is alerted immediately. And, if needed, we'll alert you (the client) without delay.
We conduct routine vulnerability scans, penetration tests, and ensure our development efforts follow industry-standard guidelines/best practices.
Policies & Procedures
We follow formal documents to ensure consistency and reliability in our security. This includes requiring all employees to abide by our information security policy, insisting on SLAs (where possible), and maintaining a formal business continuity/disaster recovery plan.