Data security is of utmost importance to Impact Data and our clients. The following questions and answers provide a general overview of our policies and procedures relating to data security.
If you have further questions, please contact your Impact Data representative or contact us.
Impact Data uses cloud-based hosting services operated by Heroku and AWS, with data stored in data centres in Australia and the United States. AWS and Heroku operate under the highest security standards.
Data is encrypted at all times — in transit and at rest.
Our clients have access to their own data via our applications.
Our employees have access to client data as required for service delivery. (Impact Data employment agreements contain confidentiality clauses that apply to the use all company assets, services and information.)
Apart from the hosting provider, no other third parties have access to the data.
Clients can retrieve their data at any time via our applications or by direct request to Impact Data support.
We destroy client data and any backup copies when there is no longer a valid business requirement for us to retain it.
We permanently delete all TalkBox client data, such as contacts, 45 days after an account is terminated.
Data security and application hardening are core to our application-design and quality-assurance processes. Security patches are applied regularly, both by our staff and by hosting providers. Our applications undergo third-party security penetration testing annually.
All databases are backed up; primary and secondary backups are stored securely in physically separate data centres.
Application code and other assets are backed up in independent systems.