Our data security
The Salestrekker team is committed to protecting all data entered into our application or stored on our servers.
Our measures fall into three areas:
- Application design and system architecture
- Security monitoring and scanning
- Management processes and accreditations
1. Application design and system architecture
- Salestrekker is hosted on Amazon's AWS infrastructure in the Sydney (Australia) region. AWS provides industry-standard protection of the underlying physical and network infrastructure.
- Documents are held in AWS S3 buckets with AES-256 server-side encryption for data at rest; access to the buckets is restricted and takes place only over encrypted connections.
- Databases are hosted on AWS EC2 instances whose storage is encrypted at rest using AWS-managed encryption.
- Administrative access to these servers is limited to SSH (an encrypted protocol) using 1024-bit keys. (Note: 1024-bit keys are below current guidance; NIST SP 800-57 sets 2048-bit RSA as the minimum, and current OpenSSH defaults to 3072-bit RSA or Ed25519.)
- Connections to the Salestrekker application are encrypted with TLS 1.2 or TLS 1.3.
- Application servers are protected by AWS network-level firewalls and by additional host-based firewalls on the servers themselves.
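The S3 bullet above states two controls: AES-256 encryption at rest and access only over encrypted connections. As an added example (not Salestrekker's own configuration), the block below shows a bucket policy that enforces both controls, a weak policy that enforces neither, and a small checker that reads a policy document and reports which of the two controls it actually enforces. The bucket name, the IAM role ARN and both policies are constructed for illustration.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"
BUCKET = "example-documents"          # hypothetical bucket name


def bucket_arns(bucket):
    """ARNs for the bucket itself and for every object in it."""
    return [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]


# Policy that enforces both controls (constructed for this example).
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # 1. Refuse every request that does not arrive over TLS.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": bucket_arns(BUCKET),
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # 2a. Refuse uploads that ask for anything other than AES-256.
            "Sid": "DenyWrongEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"StringNotEquals": {SSE_KEY: "AES256"}},
        },
        {   # 2b. Refuse uploads that omit the encryption header entirely.
            "Sid": "DenyMissingEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"Null": {SSE_KEY: "true"}},
        },
    ],
}

# Weak policy: grants the application access but enforces neither control.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAppAccess",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},  # hypothetical role
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        }
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _deny_statements(policy, action):
    """Yield Deny statements whose Action covers `action` (or all S3 actions)."""
    for st in policy.get("Statement", []):
        actions = _as_list(st.get("Action", []))
        if st.get("Effect") == "Deny" and any(a in ("*", "s3:*", action) for a in actions):
            yield st


def enforces_tls_only(policy):
    """True if a blanket Deny blocks requests made with aws:SecureTransport=false."""
    return any(
        str(st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")).lower() == "false"
        for st in _deny_statements(policy, "s3:*")
    )


def enforces_sse_aes256(policy):
    """True only if PutObject is denied both for a wrong header and for a missing one."""
    wrong = missing = False
    for st in _deny_statements(policy, "s3:PutObject"):
        cond = st.get("Condition", {})
        if cond.get("StringNotEquals", {}).get(SSE_KEY) == "AES256":
            wrong = True
        if str(cond.get("Null", {}).get(SSE_KEY)).lower() == "true":
            missing = True
    return wrong and missing


def audit(policy):
    """Report which of the two controls a bucket policy enforces."""
    return {"tls_only": enforces_tls_only(policy), "sse_aes256": enforces_sse_aes256(policy)}


def policy_document(policy):
    """JSON text of the policy, the form `aws s3api put-bucket-policy --policy` expects."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for name, policy in (("hardened", HARDENED_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit(policy))
```

The checker deliberately requires both Deny statements for the encryption control: `StringNotEquals` alone does not catch an upload that sends no encryption header at all, which is why the `Null` condition is needed alongside it.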
2. Security monitoring and scanning
- Fail2ban monitors log files and automatically blocks source addresses that show suspicious connection behaviour, such as repeated failed logins.
- A dedicated Qualys Vulnerability Management and Web Application Scanning appliance continuously scans all Salestrekker servers and monitors application and architecture security.
- Using Qualys, we perform regular scans to assess compliance with standards such as PCI DSS and APRA's CPG 234 (note: we are not currently certified under PCI DSS or CPG 234).
- We commission annual independent penetration tests so that a third party checks our application and architecture security.
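The Fail2ban bullet above describes log-based blocking without showing what the detection actually does. As an added example (not Salestrekker's configuration and not fail2ban's own code), the block below implements the same logic in Python and runs it over a few constructed sshd log lines: count authentication failures per source address inside a sliding time window and ban the address once a threshold is reached. The threshold, window length, hostname and sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAX_FAILURES = 3        # assumed: ban after this many failures ...
WINDOW_SECONDS = 600    # ... from one source within this many seconds

# sshd authentication failure as written by syslog (the hostname "app1" is made up).
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log: 203.0.113.7 fails three times in five seconds,
# 198.51.100.9 fails three times but spread over half an hour, and one
# key-based login from 198.51.100.4 succeeds and must not count.
SAMPLE_LOG = """\
Mar  1 10:00:01 app1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  1 10:00:03 app1 sshd[2104]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  1 10:00:05 app1 sshd[2109]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Mar  1 10:00:06 app1 sshd[2112]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Mar  1 10:00:20 app1 sshd[2120]: Failed password for root from 198.51.100.9 port 40100 ssh2
Mar  1 10:30:00 app1 sshd[2300]: Failed password for root from 198.51.100.9 port 40101 ssh2
Mar  1 10:31:00 app1 sshd[2301]: Failed password for root from 198.51.100.9 port 40102 ssh2
"""


def parse_syslog_time(stamp, year=2024):
    """Syslog timestamps carry no year; assume one so lines can be compared."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_bans(log_text, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return {ip: time_of_ban} for sources with >= max_failures failures inside `window` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of its failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue                     # successful logins and unrelated lines are ignored
        ip, ts = m["ip"], parse_syslog_time(m["ts"])
        if ip in banned:
            continue                     # already blocked; nothing more to count
        failures = recent[ip]
        failures.append(ts)
        while (ts - failures[0]).total_seconds() > window:
            failures.popleft()           # forget failures that fell out of the window
        if len(failures) >= max_failures:
            banned[ip] = ts
    return banned


def ban_command(ip):
    """Host-firewall rule of the kind a banning action inserts for a blocked source."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} ban {ip}: {ban_command(ip)}")
```

The second attacker in the sample is the point of the window: three failures spread over thirty minutes never overlap inside a ten-minute window, so that source is not banned at the default settings, whereas widening the window (or lowering the threshold) catches it. Tuning those two values against your own login rate is what separates a useful jail from one that locks out legitimate users who mistype a password.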
3. Management processes and accreditations
- Salestrekker has an Information Security Management System in place, comprising policy, procedures, risk management, training, system monitoring, incident management and continuous-improvement processes.
- We are in the process of obtaining SOC 2 Type I and Type II reports, which will attest to our existing management practices and to their continued operation over time.
- We are committed to obtaining other industry-relevant security certifications in the future (e.g. PCI DSS, ISO 27001).
Our Privacy Policy deals with other aspects of data handling.