(Please note that some of the measures below only work against hackers in proportion to the strength of your password, so create good ones. Do not use a password that is a dictionary word, and include numbers or characters in addition to letters; this helps defend against a brute force attack.)
We do not store your password — only a hash of it. This means no one can recover your password from our database. If you forget your password, you must go through the password recovery procedure, which involves a message to your email address as a way to verify your identity.
No one can see your estate or asset data, except the people who have been added to the inventory or division. No data within it is public.
The web application uses the https protocol which involves an encrypted connection, such that the hardware through which your information passes on the Internet cannot decode the content. This prevents man-in-the-middle hacking attacks. – We keep all the software in our Linux servers up-to-date in order to avoid old, known security vulnerabilities.
We host our web application with Amazon and use its advanced network security features to ensure other Amazon clients cannot access our data.
We make a daily backup of our database, so that in the unlikely event of a catastrophic bug or failure, we can recover the data to the latest backup. We expect that, in such an event, the largest amount of work you could lose is 24 hours.
Our software is written in such a way as to protect against SQL injection attacks and cross-site request forgery attacks. Our team knows that discipline is a very important trait in a programmer and our software is written in a careful, orderly, informed and deliberate manner.
We also encourage you to use a reasonably recent version of a respected browser such as Mozilla Firefox or Google Chrome. We believe there is still reason to avoid Microsoft Edge because it is a re-branding of (and shares an enormous amount of code with) Microsoft Explorer, which has a poor security history.