Terms of Service and Data Protection

Data Processing Agreement

Security Documentation

Privacy Policy

Copyright Policy

General Terms

Terms of Service

Data Encryption In Transit and At Rest
We work hard to maintain best practices for encryption and disable support for older encryption standards that are no longer considered strong. This is one reason that we drop support for older browsers aggressively.
 
Data center security
Your data is hosted by Compuweb Communication Services Ltd (CWCS). CWCS take physical and network security seriously. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
 
CWCS maintain multiple certifications for its data centers, including ISO 27001 compliance. These certificates are available on request.
 
Access control
You choose who to invite to your account and the permissions they have. Our team do not have access to login to your account. On rare occasions, it may be that we can better assist in investigating a problem you are having if we can access some part of your data in readable form. We would always ask your permission before taking this action.
 
Internal controls
Keeping systems safe is part of our daily life here. We have strict internal policies and processes to keep our team and their kit safe, to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a needs-only basis.
 
Backup and availability
Data is also constantly backed up to ensure we can restore access to your data and the service in the unlikely event that the data replicas in all locations fail at once. Our monitoring alerts us to any trouble and we have staff on-call to quickly resolve unexpected incidents.
 
Updates and external review
We provide regular updates and as you access your account via your browser you’re always on the latest version. We monitor security advisories and other security community output closely. We work promptly to upgrade the service to respond to potential new threats and vulnerabilities as they are discovered. We work with certified independent specialists on a regular basis to undertake systems penetration testing and source code reviews.
 
Payment card data
The service we use for payment collection has PCI-DSS certification. We do not store credit cards on our systems.
 
Concerns or want to contact us?
For concerns that are urgent or sensitive, please email us at info@my-compliance.co.uk