Shiftboard’s Data Policies
The protection, security, and privacy of your data is of utmost importance. Shiftboard uses industry leading technology and practices to ensure the integrity of your data. We use encryption, application security, infrastructure, penetration testing, and single sign-on to ensure your data is protected. We are GDPR compliant.
Shiftboard utilizes 256 bit SSL encryption. This ensures all communications to and from the Shiftboard application are encrypted and protected. It is one of the most secure encryption methods today, and is typically used for data in transit, or data traveling over a network or internet connection. However, it is also implemented for sensitive data such as financial, military, and government owned data.
Shiftboard offers 3 layers of application security including:
- 256 bit SSL encrypted login to ensure maximum security in data transfer.
- Sharded data where customer data is separated into different data partitions to ensure no data overlap or loss.
- Customer account data is separated between different company locations and user levels to ensure there is no chance for data being shared between franchises or user levels.
Shiftboard runs on a hybrid infrastructure utilizing TierPoint to support all US business and AWS cloud infrastructure for all European based business. This hybrid approach gives Shiftboard the best of both worlds with the ultimate control and redundancy.
TierPoint registers a 100% uptime and is audited under SSAE 18 Type 2 SOC 2, PCI-DSS*, GLBA and HIPAA standards annually and is ITAR and EU-US Privacy Shield registered. AWS is also backed by Amazons 99.99% uptime service level agreement.
Shiftboard employs WhiteHat Security’s industry-leading website security solution to help address concerns about safeguarding your confidential data from security breaches and hacker attacks. WhiteHat Sentinel conducts rigorous and ongoing security testing on thousands of the world’s leading websites, including Shiftboard and many Fortune 500 companies.
Single Sign On
Shiftboard supports Single Sign On (SSO), a property of access control for multiple related, yet independent, software systems. SSO allows users to login to connected systems with a single ID and password by leveraging SAML and SAML2. This supports a number of SSO providers like Shibboleth, Okta, ADFS, Onelogin, Google ID, and more.
The General Data Protection Regulation (GDPR) is a new comprehensive data protection law that went into effect May 25, 2018 in the EU. GDPR strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. As of May 25th, Shiftboard was deemed GDPR compliant. To learn more about Shiftboard’s approach to GDPR, see our GDPR policy details.