|Reliability||SwipedOn works in Offline mode. In the unlikely event of a server outage all data is queued and transferred to our servers on re-connection. This is perfect for making use of our Evacuation Management feature.
Our Cloud-based platform is engineered for redundancy and availability.Our platform uses load balancing techniques to auto-scale when demand is high.
|Passwords||User accounts and passwords are securely managed by AWS Cognito. Passwords are hashed using Bcrypt hashing function. Individual users can only reset their own password.
All SwipedOn staff are required to use a password vault manager. Staff are required to use 2-Factor authentication where available.
|Network and application security|
|Data Hosting||As a Cloud service, we do not host any servers ourselves. We outsource this task to Amazon Web Services (AWS). You can view AWS security information here.
The physical location of our servers are in the United States of America (AWS Ohio region: us-east-2).
The servers we use at AWS are Multi-Tenant. AWS have strict controls to prevent one tenant from accessing another tenant's data.All of our servers are within our own virtual private cloud (VPC) with network access controls.
|Backups||Our database is continuously versioned for recovery purposes using AWS RDS.|
|Data Storage||We use AWS Simple Storage Service (S3) for storage. Data at rest is encrypted using AWS-provided encryption.|
|Encryption & Sessions||Our web application (https://secure.swipedon.com) is only accessed via HTTPS and the entire HTTPS web application framework is protected with SSL certification.
Sessions are authenticated with a 23-character security token.
Each iPad has a 6-character randomly generated unique Device Identifier. iPad sessions are authenticated using a security token which is randomly re-activated after a set period of time.
All network traffic is encrypted both inside and outside our network.
|Additional security measures|
|Additional security measures||
We do not store your Credit Card details.We outsource the processing of your payments to specialist, secure PCI compliant companies: Stripe and Windcave. You can view their credentials here:
|Segregation of duties||SwipedOn staff do not have access to your data. The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account. In such circumstances, we will only access your data with your express permission.|
|Training||All employees complete Security and Awareness training annually.
SwipedOn has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
|Best practices||Our internal Data Protection Policy states that customer data is never to be stored on local machines.
Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.