The Growing Risk of Data Theft
Data breaches and cyber threats are more prevalent than ever. Businesses of all sizes face the risk of stolen customer information, financial loss, and severe reputational damage that can be irreversible. A single security lapse can lead to regulatory penalties, customer distrust, and long-term harm to brand credibility.
At the same time, consumers are becoming more cautious about sharing their personal information. Businesses that must collect sensitive data often face hesitation and resistance from users who fear misuse, leaks, or identity theft. To build trust, companies must provide a seamless, transparent experience with clear assurances about how data is handled, stored, and protected. Strong security measures and compliance with industry standards aren’t just best practices—they are critical for earning consumer confidence and protecting business integrity.
For more details, businesses can review our Privacy Policy and End User Licence Agreement.
Data Storage and Privacy Practices
Here are some of our privacy and security features that address the concerns of most businesses and consumers.
Secure Data Hosting
Our data is securely stored on AWS in the United States, ensuring high reliability and compliance with global security standards. Alternative hosting locations are available for Enterprise clients.
Personal Data Handling
- No regulated data storage: We do not store regulated data, such as Tax File Numbers (TFN). Once entered, this information is directly transmitted to your platform (e.g., XPM, HubSpot) and never retained on our systems.
- Automatic Image Deletion: By default, images from user sessions are deleted after 45 days. If required, this can be extended to auto-delete any session data.
- Easy Data Removal: Any client information can be deleted within two clicks via our dashboard.
- Full Data Removal on Service Cancellation: All personal information is permanently deleted if you cancel our service.
Security and Compliance
Industry-Standard Encryption
- SSL Encryption: All data transmissions are encrypted using SSL/TLS protocols.
- OAuth 2.0: Secure authentication with AES-128 encryption for data protection.
- SQL Injection (SQLi) & Cross-Site Scripting (XSS) Protection: Our platform includes built-in security layers to prevent cyber threats.
Compliance Certifications
- ISO 27001 Compliant: Our underlying app architecture follows ISO 27001 security best practices. More details: Heroku Compliance.
- SOC2 Compliance: Our core app framework and ID verification process align with SOC2 compliance standards.
  - The SOC2 report for our app framework is available upon request.
  - We are currently evaluating SOC2 certification directly for our business, but we have successfully passed independent security audits from HubSpot, Xero, FYI, and Karbon.
Independent Security Audits
We have passed security audits from leading SaaS platforms, including:
User Authentication and Access Control
- Two-Factor Authentication (2FA): Required for logins, ensuring restricted access and enhanced security.
- Suspicious Login Detection: Automated systems identify and block unauthorized access attempts.
User Control & Customization
- Full Data Control: Clients have full control over how personal data is managed.
- Default Settings: All images are deleted after 45 days by default.
- One-Click Data Archiving: Easily archive any client information with a single click.
- Customizable Data Retention: We offer flexible data retention options based on client preferences.
We prioritize privacy, security, and compliance to ensure your data remains protected, private, and in your control. If you have specific security or compliance requirements, we are happy to discuss and accommodate your needs.