Security at SaleSquared

At SaleSquared we take data security and privacy very seriously. This page provides some general information about our practices to give you confidence in how we secure your data.

Data Center Security

  • SaleSquared hosts its infrastructure and customer data entirely in Digital Ocean & Amazon Web Services (AWS).
  • We follow AWS’ best practices which allow us to take advantage of their secured, distributed, fault-tolerant environment. To find out more information about AWS security practices, see: https://aws.amazon.com/security
  • We use the help of external consulting companies to review our infrastructure under AWS Well Architected framework.
  • SaleSquared hosts its telecom infrastructure entirely in CtrlS Data Center. We follow CtrlS’s best practices which allow us to take advantage of their secured, distributed, fault-tolerant environment.

Failover and Disaster Recovery

  • Our systems were designed and built with disaster recovery in mind.
  • Our infrastructure and data are spread across multiple Availability Zones and systems will continue to work even in case any one of those data centres fail.
  • Our databases use hot standby replicas located in different data centres to ensure high availability.

Virtual Private Cloud

  • All of our servers are within our own virtual private cloud (VPC) with network access controls that prevent unauthorized connections to internal resources.

Encryption

  • The entire SaleSquared application is encrypted with TLS.
  • We maintain an A+ from/SSL Labs.
  • Our databases use encryption at rest and in transit.

Application Level Security

  • Login pages and logins via the SaleSquared API have brute force protection.
  • We stored all passwords in hashed form ensuring that we can’t view them.

Vulnerability Scanning

  • We use third-party security tools to continuously scan for vulnerabilities as part of our Continuous Integration pipeline.

Protection from Data Loss

  • All our data is automatically backed up every day.
  • We regularly test that our backups are working and can be easily restored.

Internal IT Security

  • Only authorized employees to have access to our software version control
  • Access to servers, source code, and third-party tools are secured with two-factor auth whenever possible.
  • Employees are given the lowest level of access that allows them to get their work done.
  • All employee contracts include a confidentiality agreement.

PCI Obligations

  • When you purchase a paid SaleSquared subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Razorpay, a company dedicated to this task. Razorpay is certified to PCI Service Provider Level 1 Razorpay’s security information is available online. To find more about Razorpay’s security information, see: https://razorpay.com/blog/online-payment-security/

Responsible Disclosure

  • If you’ve discovered a vulnerability in the SaleSquared application, please don’t hesitate to contact us at security [at] salesquared.io. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues.

Contact Us

If you have any questions, please contact us at helpdesk [at salesquared.io