The security of your personal data and your customers personal data is critical to maintaining the culture of trust that underpins everything we do as a business.
We install SSL certificates on all of our websites as standard to ensure that sensitive data submitted to a website is transmitted securely.
We work hard to maintain best practices for encryption and disable support for older encryption standards that are no longer considered strong. This is one reason that we drop support for older browsers aggressively. Read more about our browser support policy.
Data center security
Capsule and your data is hosted on either Amazon Web Services (AWS), a global leader in Infrastructure as a Service (IaaS) or Guru Cloud Hosting, a leader in managed hosting based in the UK. Both companies take physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
Amazon maintain multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the AWS Compliance website and you can read more about the specifics of their approach at https://aws.amazon.com/security/.
You will find more information on security at Guru Cloud here: https://www.guru.co.uk/about/technology/cloudlinux
You choose who has access to your website CMS and the permissions that they have. Our team do not have access to login to your account. We have our own account that is used during development of your website and which can be retained for the purpose of supporting you with your website if you wish. We would always ask your permission before accessing your CMS and have a strict process for control of access information. You will always have the option to delete any account including our account from your CMS.
We work hard to protect all of the systems and data that we work with. We have strict internal policies and processes to keep our team and their kit safe, to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a needs-only basis.
Backup and availability
Our hosting infrastructure is fully balanced and redundant. This means that if a server fails your website will continue to run from a separate resource. While this effectively means that your website should be available 100% of the time we have still made prevision for regular backups. Our websites and data are regularly backed up to ensure that we can restore access to your data and website in the unlikely event that the data replicas in all locations fail at once. Our monitoring alerts us to any trouble and we have staff on-call at all times to quickly resolve unexpected incidents.
Updates and external review
We update your CMS regularly. We monitor security advisories and other security community output closely. We work promptly to upgrade your website to respond to potential new threats and vulnerabilities as they are discovered.
Payment card data
We do not store credit card data on our systems.
Concerns or want to contact us?
If you have any concerns about how we handle data and security please contact firstname.lastname@example.org and we’ll be happy to help with your enquiry.