|Reliability||SwipedOn works in Offline mode. In the unlikely event of a server outage all data is queued and transferred to our servers on re-connection. This is perfect for making use of our Evacuation Management feature.
Our Cloud-based platform is engineered for redundancy and availability.Our platform uses load balancing techniques to auto-scale when demand is high.
|Passwords||All user passwords are hashed using Bcrypt hashing function. Passwords can only be changed and not retrieved. Our Customer Support staff follows strict policies for the reseting of client passwords.
All SwipedOn staff are required to use the password vault manager 1Password. Staff are required to use 2-Factor authentication where available and we mandate screen locking time-limits of 2 minutes.
|Customer Best Practice||You can follow our Staying Secure with SwipedOn document here.|
|Network and application security|
|Data Hosting||As a Cloud service, we do not host any servers ourselves. We outsource this task to Amazon Web Services (AWS). You can view AWS security information here.
The physical location of our servers are in the United States of America (AWS Ohio region: us-east-2).
The servers we use at AWS are Multi-Tenant. AWS have strict controls to prevent one tenant from accessing another tenant's data.All of our servers are within our own virtual private cloud (VPC) with network access controls.
|Backups||Our database is continuously versioned for recovery purposes using AWS RDS.|
|Data Storage||We use AWS Simple Storage Service (S3) for storage.|
|Encryption & Sessions||Our web application (https://secure.swipedon.com) is only accessed via HTTPS and the entire HTTPS web application framework is protected with SSL certification.
Sessions are authenticated with a 23-character security token.
Each iPad has a 6-character randomly generated unique Device Identifier. iPad sessions are authenticated using a security token which is randomly re-activated after a set period of time.
|Additional security measures|
|Additional security measures||We do not store your Credit Card details. We outsource the processing of your payments to Payment Express, a secure PCI compliant company. You can view Payment Express's credentials here:|
|Segregation of duties||SwipedOn staff do not have access to your data. The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account. In such circumstances, we will only access your data with your express permission.|
|Training||All employees complete Security and Awareness training annually.
SwipedOn has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
|Best practices||Our internal Data Protection Policy states that customer data is never to be stored on local machines.
Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.