Security at CarbonTrail
How do we keep your data secure?
We only integrate with trusted brands like Xero and MYOB, who adhere to the toughest standards regarding data security.
Read-only access
We can't make any changes to your accounts or financial data.
No bank details
We don't have access to any of your banking details nor can we access them through our partners.
Delete your data
On request, your accounting data can be decoupled and deleted at any time, which removes all of your records from our system.
Frequently Asked Questions
Do you use encryption?
Our servers have SSL Certificates signed by global leaders in certificates, Amazon Web Services, so all data transferred between you and the service is encrypted. The encryption is the same as that used for Internet banking.
Further, we encrypt your data at rest, and encrypt this again with a unique key at a database level, to ensure that only you can view your data, and in the extremely unlikely event of a breach, that the data is useless to anyone who accesses it.
Are you ISO 27001 certified?
Not yet, but we are actively working on achieving certification in this area. We are aligned to the best practices set out by ISO 27001. Our cloud provider, Amazon Web Services, implements and adheres to ISO 27001, 27017, and 27018. Their ISO 27001 certification can be downloaded here.
Who can access my data?
No one will be able to access your data unless you invite them to, and you can remove them at any time. Our servers are highly secure, with multiple layers of protection and encryption.
Do you use firewalls or other security mechanisms?
Yes - our servers are well-protected by multiple layers of firewalls, intrusion protection systems, and network-level defences. They are configured and monitored according to industry best practices. Our internal office networks are isolated from customer data by design, so you can be confident that your data is safe with us.
How do I log in? Is that secure?
You can only log into CarbonTrail through Xero, MYOB or your own corporate single sign-on (SSO) system, which means that your credentials are held securely by those trusted companies or your own company's IT department.
How do you know your systems are secure?
Our security is reviewed and audited regularly. This includes threat modelling and remediation by external specialists, and automated server scanning through AWS.
Will my data be backed up?
We run backups of our database every night, full backups every day, and transaction log backups every 30 minutes. This way, if we need to, we can immediately recover your data.
Where do you host my data?
Our servers are located within Amazon Web Services in Sydney, Australia, which are enterprise-grade hosting facilities. Find out more about AWS Security here.
Can you sign an additional agreement to cover your use of our data?
Yes, absolutely. We are confident in our data protection measures and would be glad to sign an agreement. We can provide a standard Data Sharing Agreement, Non-Disclosure Agreement, or you can bring your own for us to sign. Contact us to find out more.