usecure Security Information

Learn how we keep your data secure

Including our GDPR standards, security policies, testing & maintenance, and more.

Supplier name

usecure ltd

Company number

10113345

Cyber Essentials Certificate

IASME-A-010395

Sub-processors
(used to process personal data)

- Heroku / AWS
- SendGrid
- HubSpot Inc
- Mailgun

Data Protection Officer

These responsibilities are shared between Charles Preston (CEO) and Ben Pollard - CISSP CEH ISSAP.

General Data Protection Regulation (GDPR)

Here is some key information on how we securely store your data.

What we're storing

We store only necessary information, as collected by you.

How we're storing it

We encrypt your data both at rest and in transit, and our site and storage processes are designed for security (you can learn more about how we store your data further down this page).

Who can access it

We have extensive internal access controls and regulations for the usecure team, who only have access to data under limited conditions. You are able to restrict admin access to sensitive materials.

Our core standards

Our core compliance with the act means that:

  • We have full awareness of where any of your data is being held and, when it is held outside of the EU, ensure appropriate compliance is in place.
  • We ensure that only those who require access to your data are able to access it, and we have the highest level of protection against unauthorised access.
  • We ensure you have the right to view, amend, export or delete any information that we hold on your behalf, including anything held by third-party services.
  • We ensure that consent is given during the sign-up process by all who use usecure, and we allow you to withdraw it at any time.

FAQs

  • Are you compliant with the GDPR?

Based on our self-assessment and that of our external Data Protection Officer, we are currently compliant.

  • Who is the official Data Protection Officer for your organisation?

Responsibilities are shared between Charles Preston (CEO) and Ben Pollard - CISSP CEH ISSAP.

  • Do you market other services to the employees we add to the system?

No.

  • How long do you retain employee data?

Our retention periods are defined by you. You have full control of what data is held on our system and are free to remove or amend it at any time.

  • Where is our data held?

Within the EU.

  • If we ask you to remove data we have provided to you, can you do this in a timely fashion?

Yes, please email support@getusecure.com.

  • Do you have a process in place for reporting personal data breaches to affected companies and the relevant data protection authority, and in some circumstances, to the affected data subjects, where feasible, within 72 hours of having become aware of it?

Yes, we do.

  • Do you have a privacy policy?

Yes, you can find it at https://www.getusecure.com/privacy-policy.

Testing, Maintenance and Personal Data Functionality

Here, you'll find details on usecure's testing and maintenance policy, confidentiality obligations and functionality around personal data.

Testing & Maintenance 

Testing and maintenance policy

We carry out regular independent penetration tests as well as intermittent testing alongside our release schedule.

Data Protection Policy

You can find information on our Data Protection Policy here.

Written Confidentiality Obligation

All employees are subject to written confidentiality obligations, which must be signed at employment date and are reviewed annually.

Identifying, accessing and amending data

Customers have the ability to identify, access and amend their own data within the usecure portal, which can only be accessed by authorised individuals in the business.

Deleting data from the application

Data can be deleted from the application by the customer and restored within 7 days, after which it is removed from the usecure database permanently.

Downloading user information

Customers can also download user information from the application for use within their own reporting tool.


IT Security Policies and Measures

These are the means by which we ensure that any electronically stored information is kept secure from unauthorised access (including encryption, pseudonymisation and use of portable equipment).


Protecting Infrastructure and Hardware

Servers, personal computers and laptops are protected from external attack, unauthorised access, viruses and Trojan horses by:

Anti-virus & Cyber Essentials

We have a firewall enabled and VLAN access to our Wi-Fi. We implement anti-virus and run daily scans on our machines, and we are a Cyber Essentials accredited business.

Admin rights

Network and individual computer administration rights are controlled through best-in-class Mobile Device Management (MDM) and are granted on an access-role basis.

Hard password policy on all servers, personal computers and laptops

All passwords must be at least seven characters long, and include one capital letter and one number. Users are required to change passwords every calendar month.

Data encryption

We store our information using Amazon Web Services (AWS), which uses the 256-bit Advanced Encryption Standard.

SPAM checks

All incoming emails are filtered for spam and quarantined for checking before they are delivered onto the network.

Staff Handbook

The Staff Handbook prohibits staff from opening emails or attachments from unknown sources.

No working from personal computers

Staff may not undertake work on personal computers (unless prior agreement has been stated).

Wireless network security

The wireless network is secured via WPA2 / password.

Data Encryption

AES-256 encryption

All of our data is encrypted at rest with AES-256, block-level storage encryption.

Password encryption 

Passwords are encrypted with bcrypt.

Site traffic encryption 

All traffic on our site is encrypted in transit via SSL.

Credentials encryption 

Credentials for the production database are regularly rotated to ensure access restriction.

Database backup encryption

All backups are stored in AES-256 encrypted S3 buckets.


Physical Security Policies and Measures

This section includes details of our physical security policies and measures, including the disposal of waste. Consideration is given to the disposal of computers, laptops, memory sticks, disks, etc.


Physical Security

Office security

We operate in a serviced office with turnkey door locks on the internal doors, which are locked outside office hours.

Building security

The building requires key fob entry and has a reception barrier, which are all reviewed independently every 12 months.

Storing physical data

We do not have any physical data in the office and no data is stored locally on any of the physical machines that we use.

Disposal of a computer

The hard drive will be wiped with specialist software, or removed and destroyed sufficiently, so that information cannot be accessed by an unauthorised person.

Third-party disposal of data

If a third party is used for the disposal of data, the firm will satisfy itself with their security and staff vetting arrangements.


Business Continuity Policies and Measures

Here, you'll find details of our business continuity policies and measures, including data backup.


Flexible Working & Data Backup

Flexible working environment

usecure operates a flexible working environment including mobile-only devices (e.g., laptops) and cloud-only services. 

Home working policy

usecure also operates a home working policy and we keep no physical data onsite.

Database recovery & manual backup

The database has point-in-time recovery for up to four days and is manually backed up every day, for a maximum of 30 backups.

Backup storage

All backups are stored in AES-256 encrypted S3 buckets.