SwipedOn Workplace Sign In Sytem
Start your free trial
Request a demo
 
Product security

Learn more
 
Network & application security

Learn more
 
Additional security measures

Learn more
 
Our GDPR Commitment

Learn more
 
Product Security
Reliability SwipedOn works in Offline mode. In the unlikely event of a server outage all data is queued and transferred to our servers on re-connection.

Our Cloud-based platform is engineered for redundancy and availability.

Our platform uses load balancing techniques to auto-scale when demand is high.
Passwords User accounts and passwords are securely managed by AWS Cognito. Passwords are hashed using Bcrypt hashing function. Individual users can only reset their own password.

All SwipedOn staff are required to use a password vault manager. Staff are required to use 2-Factor authentication where available.

phew SwipedOn Website Badge v202305
Network and application security
Data Hosting As a Cloud service, we do not host any servers ourselves. We outsource this task to Amazon Web Services (AWS). You can view AWS security information.

Our servers are located in the AWS region selected by a customer when an account is created. These regions can be one of the United States of America (Ohio); Great Britain (London); Singapore; Australia (Sydney); Canada (Montreal); or EU (Frankfurt).

The servers we use at AWS are Multi-Tenant. AWS have strict controls to prevent one tenant from accessing another tenant's data.

All of our servers are within our own virtual private cloud (VPC) with network access controls.
Backups Our database is backed up daily for recovery purposes using AWS RDS.
Data Storage We use AWS Simple Storage Service (S3) for storage. Data at rest is encrypted using AWS-provided encryption.
Encryption & Sessions Our web application (https://secure.swipedon.com) is only accessed via HTTPS and the entire HTTPS web application framework is protected with SSL certification.

Sessions are authenticated with a 23-character security token.

Each iPad has a 6-character randomly generated unique Device Identifier. iPad sessions are authenticated using a security token which is randomly re-activated after a set period of time.

All network traffic is encrypted both inside and outside our network.

Additional security measures
ISO certification

ISO 27001 is the only auditable international standard that describes best practices for an ISMS (information security management system). ISO27001 certification provides independent proof that our ISMS practices and procedures are safe and relevant.

Achieving accredited certification to ISO 27001 demonstrates that SwipedOn is following information security best practices and provides an independent, expert verification that information security is managed in line with international best practices and business objectives.

SOC-2 certification SwipedOn has successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that SwipedOn Limited’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security. Swiped On Limited was audited by Prescient Assurance, a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada that provides risk management and assurance services which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc.
Additional security measures

We do not store your Credit Card details.We outsource the processing of your payments to Stripe - a specialist, secure PCI compliant company. You can view their credentials here:

Stripe Privacy Policy
Stripe Security

Segregation of duties SwipedOn staff do not have access to your data. The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account. In such circumstances, we will only access your data with your express permission.
Training All employees complete Security and Awareness training annually.

SwipedOn has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Best practices Our internal Data Protection Policy states that customer data is never to be stored on local machines.

Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.


Security questions?

If you'd like to know more about security related matters, please get in touch with our team or visit our FAQ page.