Security at CarbonTrail

Carbon accounting requires understanding various aspects of a business's operation, including its financial position, use of suppliers, subsidiaries and more. All of this data is incredibly sensitive, and we go beyond industry best practice to ensure that all data hosted on CarbonTrail's platform remains safe and secure.

Frequently Asked Questions

Why should I trust you with my company data?

CarbonTrail is a well-established and trusted carbon measurement organisation, having been in operation since 2022, and having gained a 4.8/5 star rating on the Xero App Store.

We have aligned our operation with the global ISO27001 information security standard, host our services in Amazon Web Services, in line with best practices, and have at least annual external audits of our environmental and security processes to ensure that we exceed the minimum requirements set by the industry.

Do you use encryption?

Yes - we use Cloudflare to ensure all data transferred between you and the service is encrypted. The encryption is the same as that used for Internet banking services around the world.

When we analyse data from your accounting tools and activities, that information is stored on our secure servers, again hosted in Amazon Web Services. We encrypt your data at rest, and encrypt it again with a unique key at the database level, to ensure that only you can view your data and, in the extremely unlikely event of a breach, that the data is useless to anyone who accesses it.

Are you ISO 27001/SOC2 certified?

We are actively working on achieving certification in this area. We are aligned to the best practices set out by ISO27001. Our cloud provider, Amazon Web Services, implements and adheres to ISO 27001, 27017, and 27018. Their ISO 27001 certification can be downloaded here.

We also have an internal information security management system (ISMS), which has been created in line with the ISO27001 best practices. If you want more information on any of our policies, internal processes, or another question, please contact us.

Who can access my data?

No one will be able to access your data unless you invite them to, and you can remove them at any time. Our support team may be granted access to your file on your behalf, to assist you with your use of the tool, but all operations are logged.

Our servers are highly secure, with multiple layers of protection and encryption.

Do you use firewalls or other security mechanisms?

Yes - our servers are well-protected by multiple layers of firewalls, intrusion protection systems, and network-level defences. They are configured and monitored according to industry best practices.

We use Cloudflare as a web-application firewall which provides protection against common web threats, and locks down sensitive operations. Our internal office networks are isolated from customer data by design, so you can be confident that your data is safe with us.

How do I log in? Is that secure?

You can only log into CarbonTrail through Xero, MYOB or your own corporate single sign-on (SSO) system, which means that your credentials are held securely by those trusted companies or your own company's IT department.

Are your development and production environments separate?

Yes, we never use production customer data in test systems. We have separate physical accounts that maintain segregation here.

How do you know your systems are secure?

Our security is reviewed and audited regularly. This includes threat modelling, penetration testing, and remediation, by external specialists, and ongoing security and dependency scanning and updates.

If you would like to see a copy of our penetration test report, please contact us.

Will my data be backed up?

We run backups of our database every night, full backups every day, and transaction log backups in real time, through our managed database provider. This way, if we need to, we can immediately recover your data.

Where do you host my data?

Our servers are located within Amazon Web Services in Sydney, Australia, which are enterprise-grade hosting facilities. Find out more about AWS Security here.

Can you sign an additional agreement to cover your use of our data?

Yes, absolutely. We are confident in our data protection measures and would be glad to sign an agreement. We can provide a standard Data Sharing Agreement or Non-Disclosure Agreement, or you can bring your own for us to sign. Contact us to find out more.