Data security is a critical priority for any organisation that manages or owns data - and it is crucial that all community and member data, as well as any personal information, is securely stored and protected. If you run an online community, having secure data protocols in place will also encourage your community to participate and engage with one another within their own private portal, with full confidence that their data is being protected.

In this article, find out how we protect and store data at ToucanTech, as we answer some of our most frequently asked questions.

Who owns the data?

You do, of course! Silly question, right? Well actually no, not so silly. You definitely need to be confident that your suppliers don’t use your community data for their own commercial purposes. Here at ToucanTech, we are solely a data processor. So whilst we process personal data on behalf of our customers at their instruction, it is still owned entirely by them. 

Where is data stored?

ToucanTech stores all data on one of our dedicated secure cloud servers hosted by Amazon Web Services (AWS) with all data remaining within the jurisdiction of the server. Plus customer data is held on a separate database of their own.

How is the data protected?

We encrypt data

We set up SSL certificates for each of our client websites to ensure encrypted data transmission between server and browser and all database data is encrypted using the Amazon encryption key service.

General Data Protection Regulations 

We are registered with the UK’s Information Commissioner’s Office (ICO) to handle all of our customer databases, as well as adhering to the privacy policies of multiple global jurisdictions, including the EU’s GDPR and Australian, UK and US data privacy laws. 

ToucanTech team data handling policy

Every ToucanTech team member signs and adheres to our Information Security Policy, which is available to view upon request. Our employment contracts include a customer data clause, out-lining that if a team member is handling any customer data they must strictly comply with our Information Security Policy, including measures such as never storing data on personal devices and never sending data lists via email. 

Vulnerability and penetration scanning

In order to identify vulnerabilities, we run malware and antivirus scans daily, as well as monthly penetration scans and patch updates as additional security measures. 

Additional firewall protections 

We use two types of firewalls to ensure protection for our clients and their data. Virtual network firewalls restrict server traffic, and web application firewalls, which detect and protect against unwanted intrusions on all our web servers. 

Regular data back-ups and disaster recovery plans

We ensure that full back-ups of all website files and databases are made every 24 hours on our live servers. In addition, a full SQL back-up of each customer's database is saved to a backup server in a separate location on the first day of each month and made available for the customer to download.

And many helpful tools available to help you keep your data secure

Enable different permissions levels for each of your administrators, restricting their access to the data they require to perform their job. Audit trails track the data changes and reports accessed by your team. Plus with MFA (multi-factor authentication), you have one of the most effective ways to prevent unauthorised access to your data.

ToucanTech is a cloud software used by organisations internationally, including schools, universities, nonprofits, clubs and companies, to manage a community database/CRM and a connected website. To find out more about how we support the management and growth of online communities, get in touch with one of the ToucanTech team.