Security

We appreciate that security is a concern for potential adopters, and we try and address the most common concerns below:

Data Storage

Your data is stored on Microsoft Azure.  Azure uses industry-standard protocols to encrypt data as it travels between devices and Microsoft datacenters, and crosses within datacenters. Azure complies with both international and industry-specific compliance standards. Customers maintain full ownership of their data. Microsoft has adopted the world’s first code of practice for cloud privacy, ISO/IEC 27018.

Data is hosted in a UK datacenter.

All access is via https only, and weak security protocols are disabled.

Data in the database is encrypted at rest, and is backed up regularly.  Data transmitted is transmitted encrypted.  Please look at our backup policy.

Access

You control access to the data.  Members have to be authorised by the club, and that authorisation can be revoked.  Each member can see only the records that belong to them, they cannot see any other records.

We operate a zero-knowledge policy with respect to passwords.  They are never stored as clear text and are hashed and salted.  We can reset a password, but we can’t read them.

Two Factor Authentication is available.

Monitoring

Activity on the site is logged and monitored.