Information security policy
FAQ for clients and prospective clients
Data security is of utmost importance to Impact Data and our clients. The following questions and answers provide a general overview of our policies and procedures relating to data security. If you have further questions, please contact your Impact Data representative or contact us.
Where is data stored?
Impact Data uses cloud-based hosting services operated by Heroku and AWS, with data stored in data centres in Australia and the United States. AWS and Heroku operate under the highest security standards.
How do you keep the data secure?
Data is encrypted at all times — in transit and at rest.
Who has access to the data?
Our clients have access to their own data via our applications.
Our employees have access to client data as required for service delivery. (Impact Data employment agreements contain confidentiality clauses that apply to the use all company assets, services and information.)
Apart from the hosting provider, no other third parties have access to the data.
How can I retrieve my data?
Clients can retrieve their data at any time via our applications or by direct request to Impact Data support.
What will you do with my data if I close my account?
We destroy client data and any backup copies when there is no longer a valid business requirement for us to retain it.
We permanently delete all TalkBox client data, such as contacts, 45 days after an account is terminated.
How do you address application vulnerability?
Data security and application hardening are core to our application-design and quality-assurance processes. Security patches are applied regularly, both by our staff and by hosting providers. Our applications undergo third-party security penetration testing annually.
What disaster-recovery measures do you have in place to protect from data loss?
All databases are backed up; primary and secondary backups are stored securely in physically separate data centres.
Application code and other assets are backed up in independent systems.