At BoardSecure, we take security extremely seriously. Here is an outline of some of the key measures that we take to enforce this stance:
- Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
- One of the most common encryption technologies used in website and application development is SSL. SSL, or more accurately Secure Sockets Layer, is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and integral.
- From the moment you start using BoardSecure, all activity you have with us (and with your fellow Board members when using the platform) is encrypted with SSL. Our SSL certificates use SHA-256 and 2048-bit encryption to protect your data, which are amongst the most secure measures currently available.
- BoardSecure never stores your credit card details on our platform, nor do we want to.
- If you choose to pay in advance via invoice, then payments are processed manually using Stripe credit card functionality.
- For your own security, we recommend you choose a password of at least 8 characters with a mixture of letters, numbers and punctuation characters when you create an account on BoardSecure. We also help enforce this with a simple validation check when you first register with the application.
- We recommend the use of a unique password (external password manager applications such as RoboForm or LastPass may help you here).
- Our platform is only accessible through the SSL protocols noted above. However, we cannot be held responsible for how you access the internet, and we strongly suggest you ensure your environment is as secure as possible (for example, we do not recommend that you use public Wi-Fi to access the application).
- The web app will log you out when you leave the browser you are logged in with and will ask you to log in again before you can use the platform.
Data Retention and storage
- We store the minimum amount of data required to provide our services as outlined in our Privacy and GDPR notice.
- Your data is stored and backed up offsite daily for recovery from disasters in Google’s Firebase environment.
- Your personal data is stored and backed up offsite daily for recovery from disasters in Data Centres in the UK & US so that we can enhance the delivery of our service.
- All Firebase services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process. More on this certification, including the provision that Google Firebase is GDPR ready, is available here.
- Customer data is held by BoardSecure for the purposes of our accounting records and fiscal duties, either within our CRM system or our financial system. We have received confirmation from the vendors of both systems that they are GDPR compliant.
- Credit card details are only stored by PCI-compliant service partners as noted above.