Data Security Enforcement

Use of MFA, encryption, permissions and monitoring to ensure your data is safe

Our measures can be summarised as follows: 1) Application design and system architecture; 2) Security monitoring and scanning; 3) Management process and accreditations.

1. Application Design and System Architecture

  • Salestrekker is hosted on Amazon's AWS infrastructure in the Sydney region (Australia). AWS provides industry-standard data protection.
  • We hold documents in AWS S3 buckets, which utilise AES256 encryption for data at rest and limited encrypted access.
  • Databases are hosted on AWS EC2 servers with storage encrypted utilising AWS algorithms.
  • Access to these servers is limited to the encrypted SSH communication protocol with 1024-bit keys.
  • The Salestrekker application utilises TLS 1.2 and 1.3 encryption.
  • Application servers are protected using AWS firewalls and additional firewalls within the servers.

2. Security Monitoring and Scanning

  • Fail2ban scanning actively monitors log files, blocking access for all suspicious connections.
  • We run dedicated vulnerability management and web application scans.
  • A scanning server continuously scans all Salestrekker servers and monitors application and architecture security.
  • Utilising AWS, we perform regular system scans to establish compliance with various standards.
  • We undertake annual independent penetration tests so that a third party checks our application and architecture security.

3. Management Process and Accreditations

  • Salestrekker has an Information Security Management System in place, comprising policy, procedures, risk management, training, system monitoring, incident management and continuous improvement management processes.
  • We have obtained SOC2 Type II accreditation, certifying our existing management practices and monitoring of their upkeep.
  • Salestrekker is ISO 27001 accredited.
  • We are committed to obtaining other industry-relevant security certifications in the future (e.g. PCI DSS).
  • Our data security and management processes are regularly audited by APRA-regulated banks.

Our Privacy Policy deals with other aspects of data handling.