
Compliance and Data Security

The security of our customers’ data is critically important to us. SupportSystem is committed to protecting our customers’ personal and sensitive information. This notice describes our data security and compliance statement.

Compliance

Credit Card Data Storage (PCI Compliant)

SupportSystem does not capture, transmit or store any credit card information. All credit card data is captured and stored securely by our PCI compliant payment gateway provider, Stripe, which is certified to PCI Service Provider Level 1.

Datacenters Certification

SupportSystem runs on leased servers provided by Linode in two different datacenter locations.

  • Dallas, TX – SOC2 security certified
  • London, UK – ISO9001 security certified

Certificates are available upon request.

Data Security

Security is of paramount importance to us. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines. The following is an overview of the steps we take to secure our customers’ private information.

Secure Server Access

The SupportSystem network is set up securely with minimal access to outside networks. All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH) with authentication only available via public/private key (PKI).

  • Server administration is performed over VPN connection.
  • SSH password-based authentication is disabled.
  • Firewalls on all servers are set to default-reject.
  • Database connections are only accepted from authorized servers on the internal private subnet.

Software updates and Security Patches

SupportSystem facilitates secured patching and software updates of all our server infrastructure systems, including actively monitoring numerous online resources for the latest vulnerabilities. It’s our policy to apply security patches as soon as they are made available.

Access and Activity Logging

All access and activities by our employees on our servers are logged, monitored and observed.

  • Restricted role-based access to servers and data.
  • Documented Change Management Process – All changes to the infrastructure for both network and software are documented and peer-reviewed.
  • Server access logs for auditing are kept for 28 days.

Our SupportSystem customers’ access to their accounts is logged and available for review by the account administrator. IP whitelisting is also available for SupportSystem customers, which can dramatically reduce the exposure of our customers’ accounts.

Password Hashing

User account passwords are salted and hashed using a slow hash function to increase security. SupportSystem employees cannot recover original passwords.

Siloed Databases

SupportSystem customers’ data is siloed to individual databases with restricted access to ensure optimum availability while ensuring complete customer privacy and data segregation. We do not commingle multiple accounts on the same database tables.

On Disk Encryption

SupportSystem databases are encrypted on disk with AES-256. Decryption keys are stored securely on separate machines.

Encrypted Offsite Backups

Backups are performed nightly, encrypted and stored offsite.

Reliability

SupportSystem infrastructure has been architected to provide one of the most flexible and secure environments available. Our network operations team considers reliability to be of the greatest operational concern; they like to sleep at night!

Infrastructure Redundancy

SupportSystem infrastructure is built with high availability and redundancy in mind. We’ve also gone to great lengths to remove all single points of failure.

  • Redundant front-end proxy web servers
  • Application servers are redundant and load balanced.
  • Clustered database servers — multiple masters (no failover time).
  • Highly available and scalable DNS.
  • Redundant messaging infrastructure for the monitoring system

Infrastructure Monitoring

SupportSystem infrastructure is monitored 24/7. Any critical incident triggers SMS alerts to the entire network operations team.

Guaranteed Uptime

We strive to guarantee 99.999% uptime. We publish and maintain a public infrastructure status page at https://status.supportsystem.com

Disaster Recovery

We make routine backups of our server configurations and database data to be used in the unexpected event of data loss or corruption.


Frequently Asked Questions

Do employees have to sign a confidentiality agreement?

Yes, each and every employee and contractor on staff signs a confidentiality agreement.

Do employees have restricted access to customer data?

Yes, information access is restricted to only that which is necessary to perform job functions.

If you do have additional questions or concerns, please don’t hesitate to contact us.