Data protection, security & infrastructure
About your data, what we do with it & where it lives
Updated: May 14, 2018
Punchpass hosts data from both our clients, as well as their customers. We take this responsibility seriously, not just because it’s the law, but because it’s how we would want our data handled. Below are more details about how we handle your data to keep it safe and secure.
When you close your account, it’s gone in 60 days
After 60 days cancelled client data is removed from our systems. Punchpass provides tools to help clients get their data out of Punchpass should they choose to – we believe it’s your data.
We do not sell data
Call us old-school, but we make money by charging our clients a monthly fee. We do not, under any circumstances, ever sell data to 3rd party services for marketing or any purpose.
We send data to 3rd party services to run Punchpass
Any modern web application uses a number of different specialized applications in order to serve their customers, and we are no different. For example we use Intercom for customer support, Rollbar for error tracking, Stripe to process credit card payments, and Postmark to send transactional emails. Our service is hosted on Heroku/Amazon Web Services (more info below.)
These services help Punchpass run more reliably, efficiently, and safely. We strongly believe that using best-in-class services makes your data safer and more secure.
We leave our infrastructure to the experts
Punchpass is hosted on Heroku, which runs on Amazon Web Services (AWS.) AWS has become the gold standard in cloud infrastructure hosting, allowing Punchpass to scale globally. More information can be found at the AWS Security Center.
Backups are kept for one year
Currently our logs and backups are kept for one year and then deleted automatically. We are exploring ways to reduce the amount of time these are kept, while also making sure we keep the security of our existing customers in mind.
All Punchpass applications and communication use SSL, which creates a secure connection and keeps data safe.
We don’t handle or store credit card data
Prompt disclosure of any security issues
We will quickly investigate any reported security issues. If you’ve discovered a security bug, please send an email to email@example.com. We will try to respond within 24 hours and request that you not publicly disclose the issue until we can address it.
GDPR specific concerns
Specific questions? Please contact us at firstname.lastname@example.org and we’ll get right back to you.