Your data is stored on industry-leading Amazon data centres protected by physical barriers and guarded 24/7.
Your data is encrypted using 256-bit encryption via a Comodo SSL certificate, similar to internet banking.
We have made the necessary changes to ensure our data protection practices are compliant.
Our Development Team and Best Practice
The OnePageCRM development team consists of trusted and experienced developers that continuously evaluate our coding practices to recognize and shore up vulnerabilities.
We maintain best practices to ensure your account remains secure. Customer data is stored in multi-tenant datastores with strict privacy controls to ensure data privacy. New features and updates are developed and released on development servers prior to being pushed live to the main production environment.
Extensive testing is undertaken by the OnePageCRM Quality team to ensure all new features are working correctly and the performance of the app is maintained.
Storing and Transferring Your Data
We use a top-tier, third-party data hosting provider, Amazon Web Services (AWS), with servers located in the U.S. AWS provides 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits.
Currently, for our European and other non-U.S. customers, this means that your personal information is transferred to AWS's servers in the U.S. AWS is certified under the EU-US Privacy Shield. OnePageCRM relies on this certification to ensure our own compliance with respect to data transfers under European data protection laws. Please review AWS's FAQs regarding the Privacy Shield framework and its certification. AWS also provides a SOC 2 report for their cloud computing service, which can be requested from their website.
We are in the process of setting up an EU-based server which will be released later this year.
Your data is backed up on a nightly basis. OnePageCRM maintains multiple geographically separated data replicas and hosting environments to minimize the risk of data loss or outages.
Data Security and Authorised Access
The OnePageCRM servers in Amazon's data centre are isolated and run in a private network of Amazon's Virtual Private Cloud Service. Access to the production environment where your data is stored is limited and held only by dedicated members of our development team.
OnePageCRM follows a 256-bit encryption process between browser / mobile devices and our servers using Comodo SSL certificates, which means that all data that goes between you and OnePageCRM is encrypted. We are graded A+ in the Qualys SSL Server Test.
The OnePageCRM dedicated security team continuously monitors security systems, event logs, notifications and alerts from all systems to identify and manage threats.
Vulnerability Scanning and Bug Bounty Program
OnePageCRM uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised. On a regular basis we engage third-party security experts to perform detailed penetration tests on our application and infrastructure.
We run a ‘bug bounty’ program with Bugcrowd, which gives security researchers a platform for testing and submitting vulnerability reports.
Incident Management and Response
While we maintain over 99.9% uptime for our services, failures do happen and we ensure that the impact of failure is minimized. Our team has a response procedure in place, and after the security event is resolved, we conduct a post-mortem analysis to prevent it from happening in the future.
OnePageCRM is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe. Details about their security setup and PCI compliance can be found at the Stripe security page.
In accordance with the GDPR, we undertake all pertinent precautions in order to preserve the security of the data. In the event of a breach of security, we will inform you without undue delay and use our best efforts to take all possible measures to neutralize the intrusion and minimize the impact. We have reviewed the security practices of our key third-party vendors to make sure we have the appropriate contractual protections in place to satisfy GDPR requirements.