Security.
Set Tracker takes user data security extremely seriously and we have numerous technical and operational measures in place to ensure that customer data remains safe. We’re committed to being transparent about our security practices and helping customers understand our approach.
Personnel Security
Set Tracker’s security practices apply to all members of staff, independent contractors, and anyone with direct access to our internal systems. Before gaining initial access to systems all employees must agree to confidentiality terms and pass a background screening.
Upon termination of employment at Set Tracker, all access is removed immediately.
Application Security
In order to secure Set Tracker’s applications, a secure development life cycle and release management process is used in the delivery mechanism for new products as well as updates to existing products. Advanced application security testing is performed to ensure released code is secure and adhering to defined development standards.
Physical Security
Set Tracker infrastructure is hosted on Amazon Web Services (AWS). The AWS data centers are equipped with multiple levels of physical access barriers including:
Alarms
Outer perimeter fencing that is crash rated for vehicles
Electronic access cards
Video surveillance
Internal trip lights
For more information on AWS security processes, see this whitepaper.
No Set Tracker employee has physical access to any AWS data centers, servers, networking equipment, or storage
Product Security Features
Set Tracker’s foundational cornerstones for delivering customer services focus on strong security, availability and resiliency. Within the application’s themselves, strong authentication models are utilized and made available for clients to protect their data. ST views data protection as the highest priority leveraging modern day safeguards for both data at rest and in transit. ST employs advanced encryption technologies and strong key management which provide extensive protections for sensitive data using encryption tied to access control for in-flight and at-rest data protection.
Authorization/Authentication
Set Tracker adheres to the principle of least privilege – employees are given access only to the data that they must handle in order to fulfill their current job responsibilities. Employees are granted access to a small number of internal systems, but any requests for additional access must be approved by the system owner.
Where possible, Set Tracker employs multi-factor authentication for administrative access to systems containing any sensitive data.
Third Party Service Providers
Set Tracker uses third party providers for some aspects of our operations. Where those organizations may impact the security of our production environment or customer data, we take appropriate steps to ensure that Set Tracker’s security posture is maintained.
Privacy Policy
Learn more about privacy here.