Humaniti takes data privacy and security very seriously. We employ the latest encryption technology and firewalls to protect members data. We do not store bank login details and no transactions can take place on our platform. We will never share or use your personal information for marketing purposes.
We provide our service using hosting and network communications service providers that are PCI Certified, ensuring your data is transmitted and stored using the highest standards of security.
Our servers are all housed in an Australian secure data centre, encrypted with physical access restricted by two factor authentication and managed onsite 24/7.
When you link your accounts, we work with leading Australian financial services data partners – Illion and Basiq – to create a completely secure connection. We do not store any passwords or login credentials
State of the art SSL (Secure Socket Layer) encryption is used to make sure that no information can be intercepted while transmitted. The same encryption is used by Australian banks.
Financial information is read only. It is not possible for anyone to make changes or perform transactions. This ensures the safety of your accounts.
Humaniti is a McAfee Secure Site. Along with our cyber security experts, McAfee constantly test it to ensure it is free of malware, viruses, phishing attacks and more.
Protecting Customer Data
Our systems are hosted on Amazon AWS infrastructure. Humaniti is deployed using Amazon Web Services (AWS), enabling us to guarantee high security through utilizing a series of high tech, best in the industry solutions that work to ensure the safety of all user data on the AWS network.
To better understand their security measures please visit following links: https://aws.amazon.com/compliance,
https://aws.amazon.com/security
Environmental Controls
A variety of environmental controls are implemented at our AWS hosted data centre facilities.
SSAE16 and SOC1
Amazon’s data centers have a SSAE16 SOC1 service auditor’s report as the result of an indepth audit of the centers’ control objectives and control activities, including controls over information technology and all other related processes. Please visit the following links: https://aws.amazon.com/compliance, https://aws.amazon.com/security
System Monitoring, Logging and Alerting
Humaniti and our security partners monitor servers while retaining and analyzing a comprehensive view of the security state of our production infrastructure. Humaniti collects and stores production server logs for analysis and ongoing improvement
Data Storage
Customer data is stored only in the production environment. All logs of connections to our production environment are saved and archived. Information in your account is encrypted and delivered on a per-user-access controlled basis.
Network Security
Firewalls: Applications in the hosting and cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.
DDoS mitigation: All application access, including direct application access and API access, are protected by a dedicated DDoS mitigation service to ensure high availability at all times, as well as prevent attacks and malicious activities.
Encryption
Our systems are designed to ensure data is protected at all times. This includes customer data in transit and at rest. User account passwords are hashed and salted with a modern hash function.
Privacy
We know your data is private and confidential. We have strict controls to ensure that your data is never seen by anyone who should not see it. Understanding this, the operation of Humaniti.com wouldn’t be possible without a few members having access to our databases in order to optimize performance and storage, however, the team is prohibited from using these permissions to view individual customer data without explicit, written permission from the user or where required by law. For more detailed information please see our privacy policy at https://www.humaniti.com/privacy/
Secure Software Design
Any new feature or code that will be implemented into our system starts with an analysis of security and privacy risks. All code is saved into a version control repository and evaluated in both test and user acceptance environments before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality
External Security Audits and Penetration Tests
We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits.
Backup
We consistently back up the data of our customers. Data is backed up on a daily basis. Backups are encrypted and retained for 25 days.