Security & Data Protection

Shiftboard’s Data Policies

The protection, security, and privacy of your data is of utmost importance. Shiftboard uses industry leading technology and practices to ensure the integrity of your data. We use encryption, application security, infrastructure, penetration testing, and single sign-on to ensure your data is protected. We are GDPR compliant.

Encryption

Shiftboard utilizes 256 bit SSL encryption. This ensures all communications to and from the Shiftboard application are encrypted and protected. It is one of the most secure encryption methods today, and is typically used for data in transit, or data traveling over a network or internet connection. However, it is also implemented for sensitive data such as financial, military, and government owned data.

Lock and key around sensitive information files, representing encryption

Application Security

Shiftboard offers 3 layers of application security including:

  1. 256 bit SSL encrypted login to ensure maximum security in data transfer.
  2. Sharded data where customer data is separated into different data partitions to ensure no data overlap or loss.
  3. Customer account data is separated between different company locations and user levels to ensure there is no chance for data being shared between franchises or user levels.
Secure information on a mobile device, representing mobile application security

Infrastructure

Shiftboard runs on AWS cloud infrastructure.

AWS is backed by Amazon’s 99.99% uptime service level agreement.

Mobile and desktop locked and secured, representing secure infrastructures

Penetration Testing

Shiftboard employs Qualys, an industry-leading website security solution to address concerns about safeguarding your confidential data from security breaches and hacker attacks.

Data security on a laptop, representing penetration testing

Single Sign On

Shiftboard supports Single Sign On (SSO), a property of access control for multiple related, yet independent, software systems. SSO allows users to login to connected systems with a single ID and password by leveraging SAML and SAML2. This supports a number of SSO providers like Shibboleth, Okta, ADFS, Onelogin, Google ID, and more.

Image of logging on with a password, representing single sign-on

GDPR

The General Data Protection Regulation (GDPR) is a new comprehensive data protection law that went into effect May 25, 2018 in the EU. GDPR strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. As of May 25th, Shiftboard was deemed GDPR compliant. To learn more about Shiftboard’s approach to GDPR, see our GDPR policy details.

GDPR compliance badge

Questions

Security is of the utmost importance to Shiftboard. We mitigate security risks through applying best practices and active monitoring. However, if you have any security concerns, or notice any possible security issues, we encourage you to reach out to privacy@shiftboard.com. Please see our privacy policy for a breakdown of how we handle potential issues.

Laptop and mobile app