Security Policy
Your Data Security Matters
Enquiry Tracker is a secure site, designed with privacy and security as a top priority. We apply stringent processes to ensure your data is safe throughout design, development, testing and day to day operations.
Privacy Protection
- Enquiry Tracker has a published Privacy Policy that defines what data is collected, and how it is used.
Account and Password Protection
- Your account is always password protected, and we utilize strong password policy and non-reversible hashing for storage of the password.
- You have the additional security option to enable Two-Factor Authentication, via a Google enabled account, which prevents anyone from accessing your account without possessing your physical device.
Data Encryption
- Google uses several layers of encryption to protect customer data at rest in Google Cloud Platform products.
- Google Cloud Platform encrypts customer content stored at rest, without any action required from the customer, using one or more encryption mechanisms. There are some minor exceptions, noted further in this document.
- Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys are stored with the data, encrypted with (“wrapped” by) key encryption keys that are exclusively stored and used inside Google’s central Key Management Service. Google’s Key Management Service is redundant and globally distributed.
- Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.
- Google uses a common cryptographic library, CrunchyCrypt, to implement encryption consistently across almost all Google Cloud Platform products. Because this common library is widely accessible, only a small team of cryptographers needs to properly implement and maintain this tightly controlled and reviewed code.
Security and Network Protection
- Enquiry Tracker’s network is designed with security in mind. This includes firewalls and Transport Layer Security (TLS).
- Enquiry Tracker Service only permits known connections/protocols, all other connections are refused and enforced by Google Cloud firewalls.
- Secure storage and access of client data is a top priority of the cloud-based monitoring system. Each user has a unique username and password that is stored in a database, accessible only by the cloud-based monitoring system.
- The Service uses HTTPS, the well-known and understood HTTP protocol, and layers a SSL/TLS (referred to simply as “SSL”) encryption layer on top. Servers and clients still communicate via HTTP, but over a secure SSL connection that encrypts and decrypts requests and responses.
- Enquiry Tracker continuously optimizes its security infrastructure, both within the application code and across our network/system platform.
Infrastructure and Hosting
- Enquiry Tracker’s physical infrastructure is hosted and managed within Google’s secure data centers, utilizing Google Cloud Platform (GCP) technology.
- Google data centers are state of the art, utilizing innovative architecture and engineering approaches. GCP provides a highly reliable, scalable and secure infrastructure platform.
- Your data is stored on servers in your region, and will never be stored outside of that region.
Data Breach
- In the event of a suspected data breach, Enquiry Tracker has a Critical Incident Response process, and a Data Breach Policy Notification and Incident Response Plan that is reviewed regularly.
Report a Vulnerability
If you believe you have found a security vulnerability on Enquiry Tracker, please let us know right away by contacting [email protected].
We will investigate all reports and do our best to quickly fix valid issues.
Any Questions?
Please feel free to contact us with any questions: [email protected]