Privacy & Security

Grow your practice with engaging solutions

Technical Security Measures

We take the issues of data security and privacy very seriously. And we know that security is important to you too.

The nature of Client Engager requires us to collect data on you, your customers and your business. In the interests of full transparency, and to ensure that we abide by UK and GDPR regulations, we believe that you have a right to know about the precautions we take in how we process, transfer and store your data.

Data Centre Security

In addition to what Amazon AWS and DigitalOcean commit to in order to protect our servers they host we have some additional precautions:

  • We applied custom security policies to restrict access to our data and assets.
  • We configured public and private subnets to secure our virtual private cloud.
  • We store Virtual Server backups and S3 assets, which are encrypted using the AES-256 algorithm.
  • We configured custom firewall rules and applied IP restrictions for remote connection to our Virtual Server instances. Only authorized people have remote access to our assets.

Security From Data Loss and Corruption

  • All databases are kept separate and dedicated to prevent corruption and overlap.
  • We have multiple layers of logic that segregate user accounts from each another.
  • In addition, the Client Engager security team does not have access to customer data unless our clients enable it and they have the correct permissions or is needed in an emergency.
  • Backups are daily and stored on cloud servers for 30 days.

Application Level Security

  • All pages – from our desktop to mobile website – pass data via TLS (Transport Layer Security, HTTPS), without exception.
  • User account passwords are hashed. Even our own staff can’t view them.
  • Lost passwords cannot be retrieved. They must, instead, be reset. Every accountant who uses Client Engager can reset their own password with a reset-link sent upon request to their registered e-mail address. The link is valid only for a few minutes. Client passwords used to access Client Portal can be reset by accountants only.
  • Login pages and logins have brute force protection.
  • API endpoints have rate limits.
  • External security penetration tests are part of the security plan.