Our priority is ensuring that the data you capture on devices as well as store on our platform is as secure as possible. To this end our platform utilises several key technologies to provide a high level of secure access and data protection.
On devices, we use AES 256 encryption keyed by the user’s password to ensure the user’s core information is kept secure.
All access to the app is through the user’s password – no public or anonymous login is supported.
We never store the user’s password, meaning that if a user forgets their password the only option is to reset it with a new randomly generated one.
All data captured is stored in the app’s secure area on the device, thus ensuring that there is no publicly accessible record of your user’s work.
By default, images or media captured by the user on the app are also moved into the app’s secure area, thus preventing sensitive media from being found in publicly accessible galleries or other such areas on the device. NEW: You can now override this if you wish to expose media via the phone’s galleries.
We use 256 bit Secure Socket Layer (SSL) communications to transfer data between the app and the web platform.
This is a comparable, if not higher, level of security to that found on internet banking websites, ensuring that data is not compromised when being moved across open networks.
By default, our platform uses the same 256 bit SSL communications for any user logging into the secure website.
Our data integration APIs are also secured in this way.
All authentication on the platform requires username & password in order to gain access.
Once logged into the site, data visibility is controlled by you – simply set up permissions and user groups on the platform to control which of your user’s can see what data/areas of the platform.
We have users worldwide and our Cloud service runs on Microsoft’s Windows Azure cloud platform, hosted out of Azure’s USA East Coast data center, with geo-replication to Azure USA West Coast for redundancy.
Windows Azure runs in geographically dispersed data centers that comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff that have years of experience in delivering the world’s largest online services with 24 x 7 continuity.
For more information, see: http://www.windowsazure.com/en-us/support/trust-center/security/
If a Cloud-based solution is not right for your business, we also offer an on-premises solution which you can host wherever you like (subject to some minimum requirements). This option is intended for larger organisations or for where it is critical that you must have full sovereignty over the data.
Support and Maintenance of Your Data
Our team does not monitor or cache your data unless you ask us to – either through support or maintenance requests/tasks.