The Salestrekker team is committed to taking care of any data entered in our application or stored on our servers.
Our measures can be summarised as follows:
Application design and system architecture
Security monitoring and scanning
Management processes and accreditations
1. Application design and system architecture
Salestrekker is hosted on Amazon's AWS infrastructure in the Sydney region (Australia). AWS provides industry-standard data protection.
We hold documents in AWS S3 buckets, which utilise AES-256 encryption for data at rest and limited, encrypted access.
Databases are hosted on AWS EC2 servers with storage encrypted utilising AWS algorithms.
Access to these servers is limited via the SSH encrypted communication protocol and 1024-bit keys.
The Salestrekker application utilises TLS 1.2 and 1.3 encryption.
Application servers are protected using AWS firewalls and additional firewalls within the servers.
2. Security monitoring and scanning
Fail2ban scanning actively monitors log files, blocking access for all suspicious connections.
A dedicated Qualys Vulnerability Management and Web Application Scanning server is continuously scanning all Salestrekker servers and monitoring application and architecture security.
Utilising Qualys, we perform regular system scans to establish compliance with various standards, such as PCI DSS and APRA's CPG 234 (Note: we are not currently certified under the PCI DSS or CPG 234 standards).
We undertake annual independent penetration tests to ensure a third party checks our application and architecture security.
3. Management processes and accreditations
Salestrekker has an Information Security Management System in place, comprising policy, procedures, risk management, training, system monitoring, incident management and continuous improvement management processes.
We have obtained SOC2 Type II accreditation, certifying our existing management practices and monitoring of their upkeep.
We are committed to obtaining other industry-relevant security certifications in the future (e.g. PCI DSS).
Our data security and management processes are regularly audited by APRA-regulated banks.
Our Privacy Policy deals with other aspects of data handling.