One of our goals is to always maintain customer trust and confidence. PerformYard has invested heavily in enterprise-class security and data management techniques in the development of our product architecture and platform. Protecting the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to PerformYard.
We’ve partnered with Amazon Web Services (AWS) as our data center provider and are delivering PerformYard software to enterprise customers globally on top of a proven and scalable cloud-computing platform. AWS operations have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
The PerformYard infrastructure is designed and managed according to security best practices as well as a variety of security compliance standards. As a PerformYard customer, you can be assured that our platform architecture is built using some of the most secure computing infrastructure in the world.
SSL & ENCRYPTION
We know the information you store in PerformYard is important and sensitive. For that reason, we have implemented enterprise grade security and encryption to ensure your data is protected. Like many banks, we use a 2048-bit key for authentication and also one of the strongest block ciphers available – 256-bit Advanced Encryption Standard (AES-256) encryption to ensure your data is always encrypted as it travels from our servers to your browser.
PerformYard user passwords are managed using the Bcrypt methodology (https://en.wikipedia.org/wiki/Bcrypt) and are hashed “one way” for maximum protection.
We store your data within AWS and leverage database security features including encrypted storage volumes, TLS/SSL encryption, authentication, and authorization via SCRAM. All customer data is encrypted 'at rest' and in transit.
BACKUPS & DATA RETENTION
We understand how important it is to protect the mission critical data of our customers. The PerformYard backup and data retention process replicates data to encrypted, fault-tolerant, and geographically distributed data centers located in the US designed to minimize any exposure to data loss while ensuring security. Our data retention process takes snapshots in regular intervals and stores those for period from 2 days to 13 months.
ACCESS TO YOUR DATA
All data access is protected by a role-based permission structure, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.
Your data can only be accessed by a small subset of our organization, and even then, it's on a need-to-know basis. Our policies limit access to select employees who need it to provide support and troubleshooting on our customer's behalf, and access is tracked down to the page request level for audit purposes.
If you have used a credit card to pay for any part of your subscription, we don't have access to that either. Our credit card processing is done via secure and accredited third parties (Stripe or Intuit Quickbooks).
We don't sell your data to third parties.
You know we're constantly innovating on the product – and most often we push new features and updates into production with no or momentary downtime. Barring emergency updates, this is done outside of standard US business hours; any updates that require downtime are done on weekends only after providing at least 48 hours notice.