At HANDS HQ, we take your trust very seriously. We carry out a number of measures to protect your privacy and your data and are committed to transparency and industry best practices.
HANDS HQ is committed to delivering a high-availability platform. We have uptime of 99.6% or higher.
HANDS HQ’s servers and databases are hosted in the cloud within the EU. Some data such as database backups and database snapshots are stored in US data centres. Our cloud partner’s products are certified under the EU-U.S. Privacy Shield framework.
All browser connections and communication are encrypted and transmitted over TLS (formerly known as SSL). Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorised disclosure, modification, and replay attacks.
Our policy is to only select cloud partners that encrypt all physical media on which customer data resides, including databases and backups. In the unlikely event of a physical breach of underlying infrastructure (i.e., if someone broke into the data centre and removed the disk drives), your data would be protected.
Our production environment undergoes penetration testing bi-annually, using industry-standard tools to replicate hacking attacks.
We use a number of tools to proactively identify known security vulnerabilities. Our policy is to resolve critical vulnerabilities within 72 hours.
HANDS HQ products are designed with security that, at a minimum, meets OWASP standards for web applications.
At least annually, engineers participate in web application security training covering OWASP Top 10 Application Security Risks.
Database backups are carried out daily. Further, with rollback functionality we can restore a database from any point in time within the past 7 days.
HANDS HQ’s disaster recovery procedure is tested every 6 months to ensure the integrity of data and that the engineering team are familiar with the process.
We're committed to supporting our customers to prepare for the General Data Protection Regulation (GDPR). We're working on implementing our readiness programme across our organisation.
We'll be ready to share more detailed information regarding our progress soon and commit to being GDPR ready by 25 May 2018.
It is our policy that ex-customer data be deleted within two years of contract termination. Customer data can also be deleted on request.
HANDS HQ is currently undertaking certification for ISO 9001 and ISO 27001. Our ISO 9001 and ISO 27001 policy and statement of applicability (SOA) are available to customers on request.