Your data is stored on industry-leading Amazon data centres protected by physical barriers and guarded 24/7.
Your data is encrypted using 256-bit encryption via a Comodo SSL certificate, similar to internet banking.
We have made the necessary changes to ensure our data protection practices are compliant.
Our Development Team and Best Practice
The OnePageCRM development team consists of trusted and experienced developers who continuously evaluate our coding practices to recognize and shore up vulnerabilities.
We maintain best practices to ensure your account remains secure. Customer data is stored in multi-tenant datastores with strict privacy controls to ensure data privacy. New features and updates are developed and released on development servers prior to being pushed live to the main production environment.
Extensive testing is undertaken by the OnePageCRM Quality team to ensure all new features are working correctly and the performance of the app is maintained.
Storing and Transferring Your Data
We use a top-tier, third-party data hosting provider, Amazon Web Services (AWS), with servers located in the U.S. AWS provides 24/7/365 monitoring and surveillance, on-site security staff, and regular ongoing security audits.
Currently, for our European and other non-U.S. customers, this means that your personal information is transferred to AWS’s servers in the U.S. OnePageCRM relies on Standard Contractual Clauses (SCCs) included in the AWS GDPR Data Processing Addendum. SCCs are validated by the Court of Justice of the European Union as a mechanism for transferring data outside the European Union. AWS also provides a SOC 2 report for their cloud computing service which can be requested from their website.
Your data is backed up on a nightly basis. OnePageCRM maintains multiple geographically separated data replicas and hosting environments to minimize the risk of data loss or outages.
Data Security and Authorised Access
The OnePageCRM servers in Amazon’s data centre are isolated and run in a private network of Amazon’s Virtual Private Cloud Service. Access to the production environment where your data is stored is limited and held only by dedicated members of our development team.
OnePageCRM uses 256-bit encryption between browsers / mobile devices and our servers using Comodo SSL certificates, which means that all data that goes between you and OnePageCRM is encrypted. We are graded A in the Qualys SSL Server Test.
The OnePageCRM dedicated security team continuously monitors security systems, event logs, notifications, and alerts from all systems to identify and manage threats.
OnePageCRM has a Vulnerability Disclosure Policy which gives security researchers more information about testing and submitting vulnerability reports. Our dedicated security team responds to issues raised.
On a regular basis, we engage third-party security experts to perform detailed penetration tests on our application and infrastructure.
Incident Management and Response
While we maintain over 99.9% uptime for our services, failures do happen, and we ensure that the impact of any failure is minimized. Our team has a response procedure in place, and after the security event is resolved, we conduct a post-mortem analysis to prevent it from happening in the future.
OnePageCRM is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe. Details about their security setup and PCI compliance can be found at the Stripe security page.
In accordance with the GDPR, we undertake all pertinent precautions in order to preserve the security of the data. In the event of a breach of security, we will inform you without undue delay and use our best efforts to take all possible measures to neutralize the intrusion and minimize the impact. We have reviewed the security practices of our key third-party vendors to make sure we have the appropriate contractual protections in place to satisfy GDPR requirements.