SwipedOn Desks Data Protection and Security

How we look after your data

 

🏳️ This is a separate product to our Visitor Management System and SwipedOn Spaces

At SwipedOn, security is a priority!

We understand that the protection and security of our customer data is our most important responsibility. Thousands of companies around the world trust SwipedOn Desks to treat their data with the respect it deserves. We do not take that responsibility lightly, and we're constantly improving our security procedures across the business. 

We keep a close eye on the latest data regulations, in particular the EU General Data Protection Regulation (GDPR). You can find out more on how to use SwipedOn with the GDPR.

Data Storage

As a cloud service, we do not host any servers ourselves. We outsource this task to Microsoft Azure Servers (Azure). You can view Azure security information here.

Our servers are located in the Azure North Central US region (Illinois). The servers we use are multi-tenant. Azure has strict controls to prevent one tenant from accessing another tenant's data.

All of our servers are within our own virtual private cloud (VPC) with network access controls.

Our database is continuously versioned for recovery purposes using Azure backups. We support point-in-time restore (PITR) of data from the last 7 days.

We use Azure Blob Storage for retention of:

  • Floorplan maps 
  • Location, level and desk photos

Encryption

Our web application (https://desks.swipedon.com/) is accessible only via HTTPS, and the entire HTTPS web application framework is protected with SSL certification.

Sessions are authenticated using JSON Web Tokens (JWT).

Passwords

User login is either through integration with Microsoft Azure AD or via SwipedOn Desks user management.

Microsoft Azure AD stores and maintains all passwords. SwipedOn Desks is granted access upon successful authentication via an OAuth access token.

SwipedOn Desks user management stores passwords in a hashed and encrypted format. Passwords can only be changed, not retrieved. Our Customer Support staff follow strict policies for resetting client passwords and have no ability to retrieve them.

All SwipedOn staff are required to use the password vault manager 1Password. Staff are required to use two-factor authentication where available.

Billing data  

We do not store your credit card details. We outsource the processing of your payments to a specialist, secure, PCI-compliant company: Stripe.

You can view their credentials here:

Stripe Privacy Policy
Stripe Security

Segregation of duties

SwipedOn Desks staff do not have access to your data. The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account. In such circumstances, we will only access your data with your express permission. 

Our internal Data Protection Policy states that customer data is never to be stored on local machines.

Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.

Reliability

Our Cloud-based platform is engineered for redundancy and availability.  The 

Our platform uses load-balancing techniques, including elastic pooling, to auto-scale based on demand.