Our Security Commitment
KeepShift provides a platform built to the highest security standards, with a commitment to deliver the best customer experience for owners and users of the platform, ensuring that our customers’ information is kept secure and safe is our highest priority.
Compliance
We ensure our platform meets key industry standards. KeepShift uses a payment gateway that is PCI compliant for handling credit card transactions.
KeepShift monitors our infrastructure using external and internal vulnerability scanning. We perform annual audits and security assessments with independent and globally recognized security assessment firms.
Infrastructure
KeepShift runs on Google cloud infrastructure. We host customer instances regions provided by Google and host your data in the region closest to your business — to streamline performance Securely deliver services to users with speed and reliability—all on Google’s infrastructure.
This is backed up by Googles 99.99% uptime service level agreements to ensure that KeepShift is always available.
Encrypted data and communication
KeepShift uses Google Cloud’s infrastructure Encryption both to securely communicate with our users and to store all customer information. Google encrypts customer data stored in its data centers using Advanced Encryption Standard (AES) 256-bit encryption or stronger. For encryption in transit, Google uses Transport Layer Security (TLS) to secure communications between its services and client applications. Google also supports HTTP Strict Transport Security (HSTS) to prevent downgrade attacks. KeepShift uses Google for all website, mobile, and integration communications.
Passwords and 2-Factor Authentication
KeepShift provides a variety of options to keep your account secure. In addition to passwords, KeepShift provides 2-Factor Authentication capabilities on every user account using industry-standard one-time codes. For top level security, KeepShift allows you to turn on 2-Factor Authentication (2FA) for yourself and any other profiles under your account. This means that when logging in, you and other users will need to verify the login using 2FA, as well as entering specific username and password
Customer Separation
All customer data is kept logically separate through sharing of database partitions and multi-regional deployment. This ensures that there is no data overlap or loss of data integrity between customers.
User Access
To access the KeepShift system users must enter their unique username and password details into the login page. The usernames and passwords for each user can be controlled by the administrator if required. The login and authorization of each user is processed over a secure and encrypted connection. At anytime you can also change a user’s security settings, including suspending or removing their access altogether.
Access Roles
KeepShift provides role-based access levels so that employees, managers, and administrators can only view data that is relevant to them. This access can be customized to suit your needs through the KeepShift application platforms
Commitment to Data Privacy
KeepShift is committed to keeping your data private and respecting individual privacy rights and regulations. At all times you retain ownership of all data related to your KeepShift account. If at anytime you discontinue use of KeepShift you can request the removal of all information related to your account from the KeepShift system. You can also request a copy of your database if required.
Please see our Privacy Policy page for more details.
Need more info about security? Please talk to us
KeepShift’s in-house Security Team is dedicated to securing data, protecting KeepShift from threats, and providing assurance to customers. If you have any security questions, please get in touch.
As detailed in our service agreement KeepShift do not hold any of your Financial information for subscription payments. We utilize “Stripe” as our payment gateway which is a PCI compliant service and uses the most stringent level of encryption available in the payments industry.
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. To read more about how Stripe protects your Financial information click here.