- Where is my visitor data hosted?
Sign In App is a cloud-based service hosted in Tier 4 data centres. When starting a trial or purchasing a subscription, you can select from one of six data storage regions: UK (London), EU (Stockholm), US (North Virginia or California), Canada (Montreal) and Asia-Pacific (Sydney). All visitor data and backups are stored and replicated within the region you select. Our data centres employ physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorised entry.
- How long is data retained for?
You control how long your visitor and staff sign-in history is retained. Set the retention period for your account from 7 days to indefinitely, in line with your privacy and GDPR policies.
- Is data encrypted?
All data is encrypted at rest and in transit over TLS 1.2. All backups are encrypted and passwords are hashed.
- How is my data backed up?
Your data is continually backed up and replicated between two data centres. All backups are encrypted and retained for 14 days.
- What happens to my data in the event of a disaster?
During any disruption to the Sign In App service, your app will continue to operate in offline mode. We will notify all clients within one hour if an extended period of disruption is expected. All data is backed up and our disaster recovery procedures are outlined as part of our ISO27001 accreditation.
- What does ISO27001 accreditation mean?
ISO 27001 is a specification for an information security management system (ISMS) as defined by the International Organization for Standardization (ISO). It’s a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. Simply put, it ensures that an organisation strictly controls all aspects of information security. Sign In App Ltd is ISO27001 accredited with certificate number DK20022018ATC.
- How is Sign In App GDPR compliant?
Sign In App acts as your data processor for visitor data. Our responsibilities include ensuring your data is secure, providing transparency around where the data is stored and providing features to allow you to control your data in line with your GDPR policies. Ethical data protection has always been a key part of Sign In App and the GDPR has only strengthened this since coming into force. With Sign In App you can set your own data retention rules, customise the data collected for each visitor type and present policies and opt-in options to visitors. You can also rest assured that your visitor data stays in the region you choose.
We also hold an IASME certificate of assurance for GDPR compliance. This is attained following a self-assessment against the IASME governance standards, which is verified by IASME.
- What is Cyber Essentials?
Cyber Essentials is an official UK government-backed scheme that protects our organisation against a whole range of the most common cyber attacks.
- Have you completed the NHS Data Security & Protection Toolkit (NHS DSPT)?
Yes. You can find evidence of our submission here. The Data Security & Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
In the UK, all organisations that have access to patient data and systems must complete the NHS Data Security & Protection Toolkit. This provides assurance that they are practising good data security and that personal information is handled correctly. You can find more information about the NHS DSPT here.
- Where can I find more information?
We are continually introducing features to help you manage your staff and visitor privacy and security. If you require additional information, please contact us at firstname.lastname@example.org.