Security and protection of information are integral to the design, development and management of our online services. We use world-class computing infrastructure service providers that have experience in managing business agile, scalable and secure web services. We monitor our service providers to ensure that there is ongoing threat assessment, deployment of security enhancements, monitoring of our production systems, and highly scalable and redundant cloud-based infrastructure to meet our customer’s needs.
We have implemented internal policies that are used to ensure your information is kept private. We will not share your information with any third party, unless authorized by you or required by law.
In order to protect your information, we have implemented an auto-logoff function. If you are logged into your Spendwise account, but have not actively used the service for a set period of time, we will automatically end your session. This can prevent an un-authorized person from accessing your account when you leave a session open or forget to log out.
Access to data within Spendwise is managed by the use of access control groups and assigned rights and privileges. All registered users of our service have a unique username (using email address) and password of their choosing. A session specific cookie is used to record encrypted authentication information only for the duration of the online session. All unsuccessful login attempts are detected and logged.
Network security provided by our cloud-based web service provider is monitored on a real-time basis and log files are maintained. Multiple levels of network security are utilized, including firewall, router, strong SSL encryption and network Intrusion Detection Systems. Automated alerting ensures that we are aware of potential issues that need immediate response.
We use state-of-the-art technology and best practices to protect data transmitted and stored on our site. Data transmitted and stored on our site is encrypted using up to 256-bit encryption technology. We use digital certificates issued by GoDaddy to secure your data. This certification enables you to verify encryption of information you transmit or store using our services and provides you with the confidence that we are a valid business and that we own and operate spendwise.com.
Access to customer data is highly restricted. Access to customer data is audited and records are maintained in secure logs. All of our employees are trained in our privacy and security policies and procedures. Any employee or consultant found to have violated privacy and security policies and/or regulations may be subject to disciplinary action, including termination.
Our site is hosted at a tier-1 SAS 70 Type II data center that features 24-hour manned security, biometric access control, video surveillance and physical locks. Climate and temperature control are maintained at optimal levels to ensure ongoing operational performance of the server environment. Power is supplied by redundant grids with redundant UPS and backup generators. Preventative maintenance is performed to ensure the continued operability of equipment.
Administration of the hosted servers operating systems, web services, databases and other commercial applications environment are managed by the web service provider and cannot be performed remotely.
Disaster Recovery and Business Continuity
Our systems architecture utilizes commercial best-in-class web services and data storage providers. Core to this environment are robust computational and storage platforms and network and security services that are designed to be redundant and utilize failover capabilities.
Data is backed up to multiple locations to ensure that in the event of a disaster, services can be restored quickly and with minimal downtime.