Compliance and Data Security

The security of our customers’ data is critically important to us. SupportSystem is committed to protecting our customers’ personal and sensitive information. This notice describes our data security and compliance statement.

Compliance

Credit Card Data Storage (PCI Compliant)

SupportSystem does not capture, transmit or store any credit card information. All credit card data is captured and stored securely by our PCI-compliant payment gateway provider, Stripe, which is certified to PCI Service Provider Level 1.

SupportSystem is Safe Harbor Compliant

SupportSystem complies with the US-EU and US-Swiss Safe Harbor Frameworks for protecting the privacy of data flowing from the EU and Switzerland to the US, as set forth by the US Department of Commerce. To learn more about the Safe Harbor program, and to view Enhancesoft’s (SupportSystem's parent company) certification, please visit http://www.export.gov/safeharbor/.

Although we are Safe Harbor compliant, we do not transmit or transfer data across our EU and US datacenters. Customers can request to be hosted exclusively in our EU-based datacenters.

Please see our Privacy Notice for our practices for implementing the Safe Harbor Principles.

Datacenters Certification

SupportSystem runs on leased servers provided by Linode in two different datacenter locations.

Certificates are available upon request.

Data Security

Security is of paramount importance to us. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines. The following is an overview of the steps we take to secure our customers' private information.

Secure Server Access

The SupportSystem network is set up securely with minimal access to outside networks. All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH) with authentication only available via public/private key (PKI).

Software Updates and Security Patches

SupportSystem facilitates secured patching and software updates of all our server infrastructure systems, including actively monitoring numerous online resources for the latest vulnerabilities. It’s our policy to apply security patches as soon as they are made available.

Access and Activity Logging

All access and activities by our employees on our servers are logged, monitored and observed.

Our SupportSystem customers’ access to their account is logged and available for review by the account administrator. IP whitelisting is also available for SupportSystem customers, which can dramatically reduce the exposure of our customers’ accounts.

Password Hashing

User account passwords are salted and hashed using a slow hash function to increase security. SupportSystem employees cannot recover original passwords.

Siloed Databases

SupportSystem customers’ data is siloed to individual databases with restricted access to ensure optimum availability while ensuring complete customer privacy and data segregation. We do not commingle multiple accounts on the same database tables.

On Disk Encryption

SupportSystem databases are encrypted on disk with AES-256. Decryption keys are stored securely on separate machines.

Encrypted Offsite Backups

Backups are performed nightly, encrypted and stored offsite.

Reliability

SupportSystem infrastructure has been architected to provide one of the most flexible and secure environments available. Our network operations team considers reliability to be of the greatest operational concern; they like to sleep at night!

Infrastructure Redundancy

SupportSystem infrastructure is built with high availability and redundancy in mind. We’ve also gone to great lengths to remove all single points of failure.

Infrastructure Monitoring

SupportSystem infrastructure is monitored 24/7. Any critical incident triggers SMS alerts to the entire network operations team.

Guaranteed Uptime

We strive to guarantee 99.999% uptime. We publish and maintain a public infrastructure status page at https://status.supportsystem.com

Disaster Recovery

We make routine backups of our server configurations and database data to be used in the unexpected event of data loss or corruption.


Frequently Asked Questions

Do employees have to sign a confidentiality agreement?

Yes, each and every employee and contractor on staff signs a confidentiality agreement.

Do employees have restricted access to customer data?

Yes, information access is restricted to only that which is necessary to perform job functions.


If you do have additional questions or concerns, please don’t hesitate to contact us.
