Security Practices

2018-05-03

At Hub Planner we take the security of your data very seriously. We are on a constant journey to meet new standards and make sure we are doing our best to keep your data secure. Some of our security practices include:

General

All Hub Planner accounts use SSL-encrypted connections by default, the same level of security used by online banks. You never send or receive sensitive information in plain text. Additionally, industry-standard physical and remote security is administered at data center facilities. Hub Planner systems and processes adhere to industry best practices in security, including the following:

  • Encrypted inter-server and inter-data center communication
  • Sensitive data encryption in the databases
  • Strictly controlled access to servers or customer data
  • All communication to and from our service is secured over SSL
  • All of our servers are verified and updated frequently for security patches

Confidentiality

There are very strict access controls when it comes to employees or contract personnel accessing data that you make available on the Hub Planner service, and we are committed to ensuring that Customer Data is not accessed by anyone who should not have access to it. In order to run Hub Planner effectively, some employees with permissions have access to the systems you use with Hub Planner, which allows them to effectively help Customers tackle issues and diagnose problems a Customer may be having with their data on the Hub Planner Service. This process is usually on a technical level, and employees are prohibited from using access to view Customer Data. Additionally, we may ask for your permission in writing via a support ticket to provide full transparency of the assistance you are receiving.

Internal Training

Employees receive privacy and security training during on-boarding as well as on an ongoing basis.

Infrastructure Compliance

Hub Planner uses Amazon AWS for all of its infrastructure hosting requirements, with the data centers located in the EU. Amazon AWS maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

Billing & PCI Compliance

Hub Planner is not currently a PCI-certified Service Provider, and therefore we use Braintree Payments to process all credit / debit card payments for Customers. As a Merchant we have completed the Payment Card Industry Data Security Standard’s SAQ, allowing us to use a third party to process your credit card information securely.

Deletion of Customer Data

As a Customer you have the option to delete your data at any point in the system. Once an entity is deleted from your interface, it will enter a queue to be permanently deleted within 30 days, including all backups. We also have an automated deletion process which applies if you decide to delete your subscription, close your account, or not use your trial after expiry: all data will be deleted, including backups, within 30 days.

Security – Two-Factor Authentication

In addition to sophisticated system monitoring and logging, we have implemented two-factor authentication for all server access across our production environment. Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.

Disaster Recovery

Customer Data is stored redundantly in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Customer Data and our source code are automatically backed up at regular increments.

Production Releases

New features, functionality, and design changes to the Hub Planner platform go through a security review process facilitated by the technical team. In addition, our code is tested in different staging and local environments that replicate production, and manually code reviewed by tech personnel prior to being deployed to production.