How do we secure your data?
We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.
At PracticePanther, we take privacy and security extremely seriously. Every line of code, and every feature and update in the software, goes through our CTO and chief developer. With his prior experience as the co-founder of a previous successful software company for 6 years, as well as his experience in the cyber intelligence unit of the army, he is a cyber security expert. He tests, approves, or rejects the code before letting it be published to beta where our team and a few select customers test it further before being released into full production.
Where is your data located?
We use Microsoft Azure geo-redundant servers that backup the data in real-time across multiple geo-redundant locations across the US.
How secure is our data?
We take security extremely seriously. We employ the following security protocols (and more we can not disclose):
- The app is protected by a 256-bit SSL encryption. Data is encrypted “at rest” and “in transit” for all customer data.
- Automated auditing and threat detection with Microsoft Azure.
- 24-hour threat management protects resources from malware, distributed denial-of-service (DDoS), man-in-the-middle (MITM), and other threats from Microsoft Azure.
- We use third party scan checks for vulnerabilities in every part of the software. Using the same techniques as malicious hackers, we systematically test all access points.
- Additional protection is provided by Cloudflare.com.
- All communications between PracticePanther and third party integrations are always encrypted.
- Sophisticated firewalls are enabled with Microsoft Azure.
- Our data is backed by the Microsoft Cloud which has 3 layers of physical security.
- Security filtering with access level controls.
- Each new feature released goes through manual and automated tests to ensure each user can only get data he has access to as set in our security controls.
- We use advanced security filters on both the data layer and the application layer.
Additional front-end and back-end security measures:
- When using the Box.com integration, your files are protected with enterprise level security and HIPAA compliant depending on which paid plan you select with Box.com (See here).
- You and your team have the option to enable two-step authentication when logged into PracticePanther which sends an additional unique login code (see here).
- Custom security roles. When adding a new member, you can limit their access to only certain parts of the software, so they can’t see financial reports for example (see here).
- Login throttling. When someone tries to login to your account with an incorrect password more than a certain number of times, they will be locked out for a certain amount of time.
If you have any questions regarding your data, privacy, or security, please contact us.