Security Statement

Last updated: 1/1/2024

Mission

Users entrust Engageable with their data, and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.

Engageable uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.

Application and User Security

SSL/TLS Encryption

All communications with the Engageable servers are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to its intended recipients.

User Authentication

User data in our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Engageable issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the user's password.

User Passwords

User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.

Data Encryption

Certain sensitive user data, such as credit card details and account passwords, is stored in encrypted format.

Data Portability

Engageable enables you to export your data from our system in a variety of formats so that you can back it up or use it with other applications.

Privacy

We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

Physical Security

Data Centres

Engageable utilises the Microsoft Azure data centre based in Sydney, Australia.

Data Centre Security

Azure uses state-of-the-art data centres to safeguard your data in facilities that are protected by industry-leading physical security and compliant with a comprehensive portfolio of standards and regulations. More information: https://www.microsoft.com/en-au/cloud-platform/global-datacenters

Network Security

Uptime

Uptime is monitored continuously, and any downtime is escalated immediately to Engageable staff.

Testing

System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.

Firewall

The firewall restricts access to all ports except 80 (HTTP) and 443 (HTTPS).

Intrusion Detection/Intrusion Prevention

Intrusion detection systems and intrusion prevention systems detect, mitigate and/or prevent interference or access by outside intruders.

Patching

The latest security patches are applied to all operating systems and applications to mitigate newly discovered vulnerabilities.

Access Control

Secure VPN, multi-factor authentication, and role-based access are enforced for systems management by authorised engineering staff.

Logging and Auditing

Central logging systems capture and archive all internal systems access, including any failed authentication attempts.

Storage Security

Backup Frequency

Backups occur hourly internally, and daily to a centralised backup system for storage in multiple geographically disparate sites.

Organisational & Administrative Security

Employee Screening

We perform background screening on all employees.

Training

We provide security and technology use training for employees.

Access

Access controls to sensitive data in our databases, systems and environments are set on a need-to-know, least-privilege basis.

Audit Logging

We maintain and monitor audit logs on our services and systems.

Information Security Policies

We maintain internal information security policies, including incident response plans, and regularly review and update them.

Software Development Practices

Stack

Our stack is PHP 7.1 with the Laravel framework, MySQL 5.7, and Ubuntu Linux.

Coding Practices

Our engineers follow industry-standard secure coding guidelines and best practices.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Engageable learns of a security breach, we will notify affected users so that they can take appropriate protective steps.

Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you maintaining the security of your account by using sufficiently complex passwords and storing them safely.

You should also ensure that you have sufficient security on your own systems, to keep any Engageable data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of Engageable responses, but it is your responsibility to ensure that your systems are configured to use that feature where appropriate.

Want to know more?

Please contact support@engageable.com.au for more information.