Your security questions answered

You can read our security overview and know that we are GDPR compliant, but some of you will have specific security questions you'd like answered.

So we’ve compiled a list of short answers to help you complete those internal security questionnaires.

YES, absolutely!

It’s a big resounding yes to all the following questions:

  • Is data encrypted in transit over HTTPS?
  • Is data encrypted at rest?
  • Is data hosted in the USA?
  • Are passwords hashed and salted?
  • Do you conduct regular vulnerability scans?
  • Have you had an external penetration test?
  • Do you have remote backups?
  • Are backups encrypted?
  • Do you have a Web Application Firewall?
  • Do you have protection from DDoS attacks?
  • Is database access firewalled and user restricted?
  • Do staff have to sign confidentiality agreements?
  • Do you do regular software updates?
  • Are hardware devices on laptops encrypted?
  • Do you host in the cloud, with DigitalOcean/AWS?
  • Do you provide an up-to-date list of third-party processors?
  • Do you offer 2FA?

No, absolutely not.

And a no to these questions:

  • Do you store debit/credit card details?
  • Do you store data outside the USA?
  • Do contractors have access to client data?
  • Do you outsource software development?
  • Can we use Single Sign On?
  • Do you sell data?