How does Humaniti keep my data secure?

Humaniti takes data privacy and security very seriously. We employ the latest encryption technology and firewalls to protect members' data. We do not store bank login details and no transactions can take place on our platform. We will never share or use your personal information for marketing purposes.

Encrypted

Our servers are all housed in a secure Australian data centre and are encrypted, with physical access restricted by two-factor authentication and managed onsite 24/7.

Secure connection

When you link your accounts, we work with leading Australian financial services data partners – Illion and Basiq – to create a completely secure connection. We do not store any passwords or login credentials.

SSL encrypted

State-of-the-art SSL (Secure Sockets Layer) encryption is used to make sure that no information can be intercepted while it is transmitted. The same encryption is used by Australian banks.

Read only

Financial information is read only. It is not possible for anyone to make changes or perform transactions. This ensures the safety of your accounts.

Security & Data Privacy

Protecting Customer Data

Our systems are hosted on Amazon Web Services (AWS) infrastructure. Deploying Humaniti on AWS enables us to guarantee high security by utilizing a series of high-tech, best-in-industry solutions that work to ensure the safety of all user data on the AWS network.

To better understand their security measures, please visit the following links: https://aws.amazon.com/compliance, https://aws.amazon.com/security

Environmental Controls

A variety of environmental controls are implemented at our AWS-hosted data centre facilities.

  • Servers are locked inside the infrastructure in a designated area.

  • The server area is cooled by a separate air conditioning system which keeps the climate at the desired temperature to prevent service outage.

  • The facilities are protected by a fire suppression system which protects the computing equipment and has built-in fire, water and smoke detectors.

  • The facilities have on-site generators which serve as an alternative power source.

  • There is 24-hour video surveillance of all entrances and exits, lobbies and ancillary rooms. The videos are recorded, monitored and retained.

SSAE16 and SOC1

Amazon’s data centers have an SSAE16 SOC1 service auditor’s report as the result of an in-depth audit of the centers’ control objectives and control activities, including controls over information technology and all other related processes. Please visit the following links: https://aws.amazon.com/compliance, https://aws.amazon.com/security

System Monitoring, Logging and Alerting

Humaniti and our security partners monitor servers while retaining and analyzing a comprehensive view of the security state of our production infrastructure. Humaniti collects and stores production server logs for analysis and ongoing improvement.

Data Storage

Customer data is stored only in the production environment. All logs of connections to our production environment are saved and archived. Information in your account is encrypted and delivered on a per-user-access controlled basis.

Network Security

Firewalls: Applications in the hosting and cloud environments have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.

DDoS mitigation: All application access, including direct application access and API access, is protected by a dedicated DDoS mitigation service to ensure high availability at all times, as well as to prevent attacks and malicious activities.

Encryption

Our systems are designed to ensure data is protected at all times. This includes customer data in transit and at rest. User account passwords are hashed and salted with a modern hash function.

Privacy

We know your data is private and confidential. We have strict controls to ensure that your data is never seen by anyone who should not see it. That said, the operation of Humaniti.com wouldn’t be possible without a few members having access to our databases in order to optimize performance and storage; however, the team is prohibited from using these permissions to view individual customer data without explicit, written permission from the user or where required by law. For more detailed information, please see our privacy policy at https://www.humaniti.com/privacy/

Secure Software Design

Any new feature or code that will be implemented into our system starts with an analysis of security and privacy risks. All code is saved into a version control repository and evaluated in both test and user acceptance environments before it is deployed into our production environment. All code is reviewed by a second developer to ensure code quality.

External Security Audits and Penetration Tests

We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits.

Backup

We consistently back up the data of our customers. Data is backed up on a daily basis. Backups are encrypted and retained for 25 days.

Have questions?

If you have any questions about this, please get in touch with us.