How does Humaniti keep my data secure?

Humaniti takes data privacy and security very seriously. We employ industry best practice including bank level encryption technology and firewalls to protect Humanitirians data. We will never use your personal information for marketing purposes.

We provide our service using hosting and network communications service providers that are PCI Certified, ensuring your data is transmitted and stored using the highest standards of security.

Our servers are all housed in an Australian secure data centre, encrypted with physical access restricted by two factor authentication and managed onsite 24/7.

When you link your accounts, we work with Australias largest financial services data partner to create a completely secure connection. We do not store any passwords or login credentials

State of the art SSL (Secure Socket Layer) encryption is used to make sure that no information can be intercepted while transmitted. The same encryption is used by Australian banks.

Financial information is read only. It is not possible for anyone to make changes or perform transactions. This ensures the safety of your accounts.

Humaniti is a McAfee Secure Site. Along with our cyber security experts, McAfee constantly test it to ensure it is free of malware, viruses, phishing attacks and more.

Protecting Customer Data

Our systems are hosted on Amazon AWS infrastructure. Humaniti is deployed using Amazon Web Services (AWS), enabling us to guarantee high security through utilizing a series of high tech, best in the industry solutions that work to ensure the safety of all user data on the AWS network.

To better understand their security measures please visit following links: https://aws.amazon.com/compliance,
https://aws.amazon.com/security

Environmental Controls

A variety of environmental controls are implemented at our AWS hosted data centre facilities.

  • Servers are locked inside the infrastructure in a designated area.
  • The server area is cooled by a separate air conditioning system, which keeps the climate at the desired temperature to prevent service outage.
  • The facilities are protected by a fire suppression system, which protects the computing equipment and has built-in fire, water, and smoke detectors.
  • The facilities have on-site generators, which serve as an alternative power source.
  • There is 24-hour video surveillance of all entrances and exits, lobbies, and ancillary rooms. The videos are recorded and monitored, and retained.

SSAE16 and SOC1

Amazon’s data centers have a SSAE16 SOC1 service auditor’s report as the result of an indepth audit of the centers’ control objectives and control activities, including controls over information technology and all other related processes. Please visit the following links: https://aws.amazon.com/compliance, https://aws.amazon.com/security

System Monitoring, Logging and Alerting

Humaniti and our security partners monitor servers while retaining and analyzing a comprehensive view of the security state of our production infrastructure. Humaniti collects and stores production server logs for analysis and ongoing improvement

Data Storage

Customer data is stored only in the production environment. All logs of connections to our production environment are saved and archived. Information in your account is encrypted and delivered on a per-user-access controlled basis.

Network Security

Firewalls: Applications in the hosting and cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.

DDoS mitigation: All application access, including direct application access and API access, are protected by a dedicated DDoS mitigation service to ensure high availability at all times, as well as prevent attacks and malicious activities.

Encryption

Our systems are designed to ensure data is protected at all times. This includes customer data in transit and at rest. User account passwords are hashed and salted with a modern hash function.

Privacy

We know your data is private and confidential. We have strict controls to ensure that your data is never seen by anyone who should not see it. Understanding this, the operation of Humaniti.com wouldn’t be possible without a few members having access to our databases in order to optimize performance and storage, however, the team is prohibited from using these permissions to view individual customer data without explicit, written permission from the user or where required by law. For more detailed information please see our privacy policy at https://www.humaniti.com/privacy/

Secure Software Design

Any new feature or code that will be implemented into our system starts with an analysis of security and privacy risks. All code is saved into a version control repository and evaluated in both test and user acceptance environments before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality

External Security Audits and Penetration Tests

We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits.

Backup

We consistently back up the data of our customers. Data is backed up on a daily basis. Backups are encrypted and retained for 25 days.

 

If you have any questions about this please get in touch with us at security@humaniti.com.