Our servers have SSL Certificates signed by global leaders in certificates, Amazon Web Services, so all data transferred between you and the service is encrypted. The encryption is the same as that used for Internet banking.
Further, we encrypt your data at rest, and encrypt this again with a unique key at a database level, to ensure that only you can view your data, and in the extremely unlikely event of a breach, that the data is useless to anyone who accesses it.
Not yet, but we are actively working on achieving certification in this area. We are aligned to the best practices set out by ISO27001. Our cloud provider, Amazon Web Services, implements and adheres to ISO 27001, 27017, and 27018. Their ISO 27001 certification can be downloaded here.
No one will be able to access your data unless you invite them to, and you can remove them at any time. Our servers are highly secure, with multiple layers of protection and encryption.
Yes - our servers are well-protected by multiple layers of firewalls, intrusion protection systems, and network-level defences. They are configured and monitored according to industry best practices. Our internal office networks are isolated from customer data by design, so you can be confident that your data is safe with us.
You can only log into CarbonTrail through Xero, MYOB or your own corporate single sign on (SSO) system, which means that your credentials are held securely by those trusted companies or your own company's IT department.
Our security is reviewed and audited regularly.. This includes threat modelling and remediation by external specialists, and automated server scanning through AWS.
We run backups of our database every night, full backups every day, and transaction log backups every 30 minutes. This way, if we need to, we can immediately recover your data.
Our servers are located within Amazon Web Services in Sydney Australia, which are enterprise grade hosting facilities. Find out more about AWS Security here.
Yes, absolutely. We are confident in our data protection measures and would be glad to sign an agreement. We can provide a standard Data Sharing Agreement, Non Disclosure Agreement, or you can bring your own for us to sign. Contact us to find out more.