- Security comes from Iceland, the land of earthquakes, volcanoes and glaciers where we have learned how to keep safe through natural disasters. That is why we always put security first for our clients. Even with the Eyjafjallajökul volcano eruption in 2010 the system continued to run smoothly :)

On top of all the below security measures we have taken, we are also GDPR compliant, please click here to read more.

Secure Data Transmission

The privacy of all internet communication between users and clients and our system is secured by SSL SHA-256-bit with RSA 2048 which is one of the strongest encryption algorithms available today.

Trusted data centers hosts its servers with two reputable data centers, in Canada and in France. Those two hosting companies have 24/7 security personnel on site, security badge control system, video surveillance with badge entrance into their buildings and strict access control making it extremely hard to break into. The hosting centers meet the R82 and R81 APSAD standards and work according to ISO 27001 standards.

HIPAA compliance

We follow strict security measures and perform an annual HIPAA risk assessment to maintain our HIPAA compliance. HIPAA compliance means that we restrict access to any PHI to a specific team within the company, implement double authentication with verification code, send all communication through SSL and have an automatic logout of the system after a given idle time. You can concentrate on making sure that security on your side is up to standards.

Data Backup

Your data within is backed up every single day and stored on a secure server using encrypted data transfer in different locations to avoid any potential data loss or corruption. We verify our backup procedures regularly to make sure we provide you with the most secure performance.

Network Protection

We monitor our´s network constantly, 24/7 against any potential threats including data breaches, adware, hackers, pop-ups and phishing attempts. Historically our uptime has been around 99.9% which corresponds with our goal, to provide you with a trustworthy business partner.

Payments does not store any credit card information, neither when you pay your subscription fee to, your recurring subscription fee nor when your clients pay for your services on your booking page. Your payment are all processed by an external and secure PCI DSS compliant parties such as Paypal, CardConnect, Stripe, Borgun and more. This means that your payment is always 100% safe (or at least as safe as it gets with these providers) and your payment data remains confidential.

Security by Design

We develop and maintain our system according to SDL principles, defining key security risks before each project change and implementing relevant security controls to address these risks. We do our best to protect the system against known vulnerabilities (SQL and XSS injections, CSRF attacks, etc.) by implementing SaaS companies best security assurance measures.

Protecting Personal Data is designed to control closely what level of access is needed for our support personnel and restricts any excess access. Every single person in our staff that may access data is required to sign NDA and is obliged to turn in a criminal record certificate. Relevant data is only visible for relevant people, defined by role based authorization.

If you have any further security questions, don't hesitate to contact our security officer!