Our priority is ensuring that data captured on devices, and stored on our platform is as secure as possible. To do this, our platform utilizes several key technologies to provide a high level of secure access and data protection.
Data on devices
For devices, we use AES 256 encryption keyed by the user's password to ensure the user's core information is kept secure. All access to the app is through the user's password, no public or anonymous login is supported. We do not store the user's password. If a user forgets their password the only option is to reset it with a new randomly generated one.
Images or media captured by the user's app is moved into the app's secure area, thus preventing sensitive media from being found in publicly accessible galleries or other areas on the device. All data captured is stored in the app's secure area on the device, thus ensuring that there is no publicly accessible record of user's work.
We use 256 bit Secure Socket Layer (SSL) communications to transfer data between the app and the web platform. This is a comparable, if not higher, level of security to that found on internet banking websites. It ensures that data is not compromised when being moved across open networks.
Data on Servers
By default, our platform uses the same 256 bit SSL communications for users logging into the secure website. Our data integration APIs are also secured in this way. All authentication on the platform requires username & password in order to gain access. Once logged into the site, data visibility is controlled by you. Using the platform, you can set up permissions and user groups to control what your users will have permission to see.
Our Cloud service runs on Microsoft's Windows Azure cloud platform, across 3 independent platform nodes - USA, Europe and Australia. Your account and all data will be located on the closest of these nodes by geographic longitude.
- Our US node is hosted in Azure's US East (Virginia, USA) data center, with geo-replication to Azure US West (California, USA) for redundancy.
- Our EU node is hosted in Azure West Europe (Amsterdam, Netherlands), geo-replicated to Azure North Europe (Dublin, Ireland).
- Our AU node is hosted in Azure Australia East (Sydney, Australia), geo-replicated to Azure Australia South East (Melbourne, Australia).
Windows Azure runs in geographically dispersed data centers that comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff that have years of experience in delivering the world’s largest online services with 24 x 7 continuity. For more information, visit this link.
For a full list of Azure's compliance with security and privacy certifications, choose 'Azure' from the Services drop down in this link.
Support and maintenance of your data
If in doubt - host our platform on your own servers
We understand that for some clients, even the guarantees provided by Microsoft and our best efforts are not sufficient to meet stringent corporate or government requirements. To accommodate this, we offer a server installable version of our platform that you can host on your own infrastructure and systems. This is the best option for any data sensitive organization, as our cloud service is not involved in anyway with your data. We provide custom apps that are coded to communicate directly with your server installation. This forms a closed loop that ensures you have full control over your data at all times. To use this you need a Windows Server and Sql Server.
Contact us for more information!