Security at HANDS HQ

At HANDS HQ, we take your trust very seriously. We carry out a number of measures to protect your privacy and your data and are committed to transparency and industry best practices.

Infrastructure

Uptime

HANDS HQ is committed to delivering a high-availability platform. We have uptime of 99.6% or higher.

Hosting

HANDS HQ’s servers and databases are hosted in the cloud within the EU. Some data such as database backups and database snapshots are stored in US data centres. Our cloud partner’s products are certified under the EU-U.S. Privacy Shield framework.

Security

Encryption in transit

All browser connections and communication are encrypted and transmitted over TLS (formerly known as SSL). Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorised disclosure, modification, and replay attacks.

Encryption at rest

Our policy is to select only cloud partners that encrypt all physical media on which customer data resides, including databases and backups. In the unlikely event of a physical breach of underlying infrastructure (i.e., if someone broke into the data centre and removed the disk drives), your data would be protected.

Penetration testing

Our production environment undergoes penetration testing bi-annually, using industry-standard tools to replicate hacking attacks.

Vulnerabilities

We use a number of tools to proactively identify known security vulnerabilities. Our policy is to resolve critical vulnerabilities within 72 hours.

Software development life cycle (SDLC)

HANDS HQ products are designed with security that, at a minimum, meets OWASP standards for web applications.

At least annually, engineers participate in web application security training covering OWASP Top 10 Application Security Risks.

Data integrity and continuity

Backups

Database backups are carried out daily. Further, with rollback functionality, we can restore a database from any point in time within the past 7 days.

Disaster recovery

HANDS HQ’s disaster recovery procedure is tested every 6 months to ensure the integrity of data and that the engineering team are familiar with the process.

Data protection

GDPR readiness

We aim to be transparent about where your data resides with us and how it is handled. We have recently updated our privacy policy and terms of service to explain this in more detail. However, if you would like any further information or to exercise your rights, please email our Data Protection Officer.

Data deletion

It is our policy that ex-customer data be deleted within two years of contract termination. Customer data can also be deleted on request.

Certification

HANDS HQ is certified for ISO 9001 and ISO 27001. Our ISO 9001 and ISO 27001 certificates, policy and statement of applicability (SOA) are available to customers on request.