Security

Your SalesSeek data is especially valuable. It not only contains 3rd party personal details of your contact base, but also includes performance data for sales individuals and sales teams.

SalesSeek takes its security responsibilities exceptionally seriously, and follows industry best practice in planning, implementation and operation of the SalesSeek service.


Network Security

All content is encrypted over SSL.

The application is architected using a universal API for both mobile and browser based clients channeling through a single point of control.

The hosted application is protected by an actively managed Firewall and Intrusion Detection System.


Data Security

An abstraction layer is used to interact with the database, which by making use of bound parameters in queries reduces the possibility of SQL injection attacks.

All backups are encrypted and stored on a separate continent from the main services, and with an independent provider (Amazon Web Services).


Infrastructure Security

Client data is hosted using Amazon AWS data centers, whose security processes are independently audited to the level of SOC2, SSAE 16 SOC1, PCI DSS Level 1 and SysTrust certifications. Such processes include 24 hour security and 2-factor access authentication including biometric control. The AWS cloud infrastructure has been designed and managed in alignment with regulations, standards, and best-practices including:

  • HIPAA
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
  • SOC 2 & 3
  • PCI DSS Level 1
  • ISO 27001
  • FedRAMP(SM)
  • DIACAP and FISMA
  • ITAR
  • FIPS 140-2
  • CSA
  • MPAA

Application Security

We store only the derived key produced by applying the PBKDF2 key derivation function to users’ passwords, including both salt and pepper to minimize the effect of dictionary and statistical attacks, even in the event of disclosure of the encrypted password list.

SalesSeek staff have no access to the plain-text form of user passwords.


Policies & Procedures

Only authorized system management staff are able to access customer data.

We monitor for all relevant security patches to make sure the latest security updates are applied on all our subsystems.

As part of our standard terms and conditions, your data is fully protected under NDA. We will never share or disclose your data without your agreement except under court order.

All customer data is held in separate database schemas, so any court order for content will affect only that party, not any other client data.


Business Continuity

Backups

We maintain geographically distinct backups in both Europe and USA.

Backups are taken daily.


Disaster Recovery

We maintain multiple hosting providers to diversify any remaining commercial or contractual risk. SalesSeek uses Google Cloud Platform and Amazon Web Services as its hosting providers.