The security of our customers’ data is critically important to us. SupportSystem is committed to protecting our customers’ personal and sensitive information. This notice describes our data security and compliance statement.
SupportSystem does not capture, transmit or store any credit card information. All credit card data is captured and stored securely by our PCI compliant payment gateway provider, Stripe, which is certified to PCI Service Provider Level 1.

SupportSystem is Safe Harbor Compliant
SupportSystem complies with the US-EU and US-Swiss Safe Harbor Frameworks for protecting the privacy of data flowing from the EU and Switzerland to the US, as set forth by the US Department of Commerce. To learn more about the Safe Harbor program, and to view Enhancesoft’s (SupportSystem's parent company) certification, please visit http://www.export.gov/safeharbor/.
Although we are Safe Harbor compliant, we do not transmit or transfer data across our EU and US datacenters. Customers can request to be hosted exclusively in our EU based datacenters.
Please see our Privacy Notice for our practices for implementing the Safe Harbor Principles.

Datacenters Certification
SupportSystem runs on leased servers provided by Linode in two different
Certificates are available upon request.
Security is of paramount importance to us. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines. The following is an overview of the steps we take to secure our customers' private information.

Secure Server Access
The SupportSystem network is set up securely with minimal access to outside networks. All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH) with authentication only available via public/private key (PKI).
SupportSystem facilitates secured patching and software updates of all our server infrastructure systems, including actively monitoring numerous online resources for the latest vulnerabilities. It’s our policy to apply security patches as soon as they are made available.

Access and Activity Logging
All access and activities by our employees on our servers are logged, monitored and observed.
Our SupportSystem customers’ access to their account is logged and available for review by the account administrator. IP whitelisting is also available for SupportSystem customers, which can dramatically reduce the exposure of our customers’ accounts.

Password Hashing
User account passwords are salted and hashed using a slow hash function to increase security. SupportSystem employees cannot recover original passwords.

Siloed Databases
SupportSystem customers’ data is siloed to individual databases with restricted access to ensure optimum availability while ensuring complete customer privacy and data segregation. We do not co-mingle multiple accounts on the same database tables.

On Disk Encryption
SupportSystem databases are encrypted on disk with AES-256. Decryption keys are stored securely on separate machines.

Encrypted Offsite Backups
Backups are performed nightly, encrypted and stored offsite.
SupportSystem infrastructure has been architected to provide one of the most flexible and secure environments available. Our network operations team considers reliability to be of the greatest operational concern; they like to sleep at night!

Infrastructure Redundancy
SupportSystem infrastructure is built with high availability and redundancy in mind. We’ve also gone to great lengths to remove all single points of failure.
SupportSystem infrastructure is monitored 24/7. Any critical incident triggers SMS alerts to the entire network operations team.

Guaranteed Uptime
We strive to guarantee 99.999% uptime. We publish and maintain a public infrastructure status page at https://status.supportsystem.com

Disaster Recovery
We make routine backups of our server configurations and database data to be used in the unexpected event of data loss or corruption.
Yes, each and every employee and contractor on staff signs a confidentiality agreement.

Do employees have restricted access to customer data?
Yes, information access is restricted to only that which is necessary to perform job functions.
If you do have additional questions or concerns, please don’t hesitate to contact us.