WooDelivery is a cloud-based software where all our servers and databases are hosted in the United States. Data Security sits at the core of our services. Protecting our customers’ and users’ information and their privacy is extremely important to us. As such, we take extra care in our server infrastructure to ensure that our customers’ and users’ information is secured. As part of our commitment to data privacy, we are supporting our customers’ compliance with the GDPR (General Data Protection Regulation) requirements.
Thousands of businesses trust us to keep sensitive data about their employees, customers, and business safe. Internally, we make sure that WooDelivery team members can’t access your information unless it’s absolutely necessary, and we’re always reviewing our access levels to make sure it stays that way. To keep your information safe from external threats, we have these measures in place:
1. Data Hosting and Storage
WooDelivery applications and data are hosted in a cloud infrastructure service – Microsoft Azure in USA, which is certified for their world-class security, including their physical security, data-center operations, and personnel security. Customer data or files will never be stored in any private computer. Azure’s infrastructures are backed by a team of experts, and proactive compliance trusted by enterprises and governments. It proactively safeguards your data and streamline compliance with the 100+ compliance offerings. Please click here to find more information.
2. Backup and Monitoring
Database backups are an essential part of our business continuity and disaster recovery strategy, because they help protect the data from corruption and problems with physical hardware. WooDelivery databases create:
- Full backups every week.
- Differential backups every 12 or 24 hours.
- Transaction log backups approximately every 10 minutes.
We also produce audit logs for all activity. All actions taken on production server are logged.
3. Failover and Disaster Recovery
WooDelivery was built with the failover and recovery plans in mind. The infrastructure and data are spread across 2 service instances and will continue to work should any one of those app service fails.
WooDelivery team monitor, detect and analyse any threats to the system. We also participate in annual testing, internal or external audits.
4. Database User Access
WooDelivery aim for the least number of people possible to have access to the production database. Customer data on the production server can only be accessed by our internal database administrator. Team members have only the bare minimum privileges they need to do their job, and only during periods while they need access.
5. Secure Software Design
Any new feature or code that will be implemented into our system includes an in-depth analysis of security and privacy risks. All code is saved into a git version control repository and evaluated in a test environment before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality.
6. Data Encryption
We only use secure connections, so information is always encrypted using Transport Layer Security (TLS) when transmitted from your mobile devices and computers to our systems. All data is encrypted in transit and at rest using enterprise-grade 256-bit encryption.
7. Access Control to Data
Two-factor authentication is available across all WooDelivery web applications and mobile apps to safeguard your customer data. Additionally, we provide a Single Sign-On (SSO) solution for our enterprise customers.
8. Training and Awareness
All WooDelivery team members will be aware and up-to-date on the policies related to the data security and disaster recovery planning.
9. Third-Party Sharing
We take the integrity of customer data very seriously and will never share it with a third party unless absolutely necessary for the delivery of the service. Customer data will never be provided to third parties for advertising or marketing purposes.
10. Requesting Data Deletion
If you are no longer using WooDelivery and would like your data erased from our databases, submit a request and we will process the removal within 5 business days.
11. Private Cloud
Private cloud solution is available to our enterprise plan customers with additional charge. With our private cloud solution, we deploy the software and database on an infrastructure or laaS (infrastructure as a service such as Azure) of your choice. You’ll have complete control over your data management, security, and compliances. Your sensitive data will not be exposed to any other companies.
If you have any queries or complaints about our data security, please contact us at:
[email protected]