SuiteDash is the leading All-in-One Business Software platform specializing in collaborative work management and business process automation. Our Mission is to help business owners around the world achieve #SuiteFreedom by leveraging the power of systems, processes & automations!
We are dedicated to making SuiteDash the most secure and reliable collaborative work management and business process automation platform on the market. We are committed to protecting your personal and company data and ensuring secure collaboration within our platform, which is why we have always invested, and continue to invest, in the security of our services, not only to meet but to exceed industry standards.
Over years of continuous service, SuiteDash has consistently met or exceeded 99.9% uptime, ensuring you, your Staff and your Clients can access your Organization’s Portal when needed, without interruption. Current uptime status and a history for the last 90 days can always be accessed at https://status.suitedash.com/
SuiteDash is powered by the industry standard Amazon AWS technology stack. This means your data is safely stored in ‘best in class’ data centers around the globe every day. Data center locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather, and seismic activity. Data centers are designed to anticipate and tolerate failure while maintaining service levels. In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
SuiteDash’s data backup model provides near real-time database replication to ensure customer data is both backed up and available on redundant and geographically dispersed servers. Full backups are performed many times daily and are stored encrypted in an environment physically separated from the primary servers to ensure fault tolerance.
SuiteDash uses industry-standard network protection procedures, including network segregation using VLANs, firewall and router technologies, intrusion detection and prevention systems, centralized log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor authentication for authorized systems operations group personnel. This allows us to prevent, detect, and promptly remediate the impact of malicious traffic and network attacks.
Ongoing internal network security audits and scanning give us an overview for quick identification of impacted systems and services. According to our in-house patch management policy, operating systems, software, frameworks, and libraries used in SuiteDash infrastructure are updated to the latest versions on a regular basis. Whenever a vulnerability in a product used by SuiteDash or a high or critical vulnerability is publicly reported, prompt actions are taken to mitigate any potential risks for our customers: we apply hotfixes and patches promptly when available and/or implement proactive mechanisms like configuration of firewalls or IDS/IPS.
SuiteDash uses operating system-based and automated integrity check services to ensure the integrity of all critical files and system objects. A quick response to any potential unauthorized changes to the system helps ensure our customers are exposed only to SuiteDash-approved application experiences.
SuiteDash uses Transport Layer Security (TLS) 1.2 with a preferred AES 256-bit algorithm in CBC mode and a 2048-bit server key length with industry-leading modern browsers. When you access SuiteDash via web browser or via the PWA mobile application, TLS technology protects your information using both server authentication and data encryption. This is equivalent to network security methods used in banking and leading e-commerce sites.
All data is encrypted while in transit and at rest. A variety of security layers are in place to prevent unauthorized access to the underlying data, including IP-restricted access and intrusion-resistant firewalls. All databases are required to accept only encrypted connections from pre-defined data sources.
User files uploaded to SuiteDash’s servers via both web application and API are automatically encrypted with AES 256 using per-file keys. If someone were to gain physical access to the file storage, this data would be encrypted and impossible to read directly. These encryption keys are stored in a secure key vault, which is a separate database decoupled from the file storage layer.
All user passwords are validated against password policies and stored securely using a strong hashing algorithm with a unique salt for every password. All users’ passwords, cookies, and sensitive information are reliably protected from eavesdropping.
An in-depth Application Security Lifecycle process is fully integrated into SuiteDash’s Software Development Lifecycle (SDLC), including:
Each user in SuiteDash has a unique, password-protected account with a verified email address. The password is validated against password policies and stored securely using a strong hashing algorithm with a unique salt for every password. In addition, 2-Factor Authentication is available as an added security measure to protect SuiteDash accounts. SuiteDash also offers advanced security settings that allow customers to manage Password Security Policy. More details can be found in our Help Section.
The SuiteDash Help Team is always happy to assist you with any SuiteDash-related issues. If troubleshooting or diagnosing an issue requires the Help Team to access your account, that permission can be granted only by you. Detailed logs are recorded each time the Help Team accesses your account in this way – these logs are routinely reviewed. This systemic approach lets us provide world-class support and ensures additional confidentiality for your data stored in SuiteDash.
If you or one of your users loses access to the SuiteDash platform due to failure to pass 2-Factor Authentication, we are able to help restore access, but there will be a specific set of security procedures that must be completed. We enforce these policies to protect against social engineering and malicious actors.
In each individual SuiteDash account, an appropriate administrator/staff member manages and controls individual user rights by granting specific Roles, Circles and/or Custom Menu visibility.
Customer data, including Messages, Dashboards, Pages, Projects/Tasks and Files/Folders, can only be accessed by other users within your SuiteDash account if those items were specifically shared with them, or if the items were placed in Shared Folders.
We practice regular recovery drills where we test diverse disaster and failure scenarios. We perform hourly backups of all databases, and files are backed up automatically after they are uploaded to SuiteDash. Our backups are tested on a regular basis and are stored off-site for a maximum of 30 days. We have procedures for responding to incidents managed by our dedicated Operations and Security, Infrastructure and DevOps teams. In the event of an incident, we will contact you within 24 hours and offer the best possible options for moving forward.
All your content will be inaccessible immediately upon cancellation. If 180 days have passed after your cancellation date, all your content will be permanently deleted from all servers and logs. This information cannot be recovered once it has been permanently deleted. Additionally, all data will be permanently deleted from backups if 180 days have passed after your cancellation date.
For customers who request it, we have a Data Processing Addendum that outlines the obligations SuiteDash has in its role as a provider of the SuiteDash Service to our customers. This may include obligations related to the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). More information can be found on the GDPR Commitment page.
The Health Insurance Portability and Accountability Act provides security provisions and data protection for safeguarding medical information. If SuiteDash processes Protected Health Information (PHI) on behalf of either a Covered Entity or a Business Associate (both known as “roles” under HIPAA), then SuiteDash has a Business Associate Agreement that meets industry standards and requirements as well as the HIPAA Security Rule. More information can be found on our SuiteDash and HIPAA page.
PCI stands for the Payment Card Industry. The major payment card brands Visa, MasterCard, American Express, Discover Financial Services, and JCB International established the Payment Card Industry Data Security Standard (PCI DSS) to help merchants prevent payment card data theft.
The SuiteDash platform undergoes continual assessment and scanning by SecurityMetrics, a world-class data & privacy security firm. The current certification status can be found HERE
SuiteDash carries Cyber Insurance with industry-standard coverages intended to help ensure business continuity and data recovery in cases of accidental or intentional loss, corruption, or unavailability of important data caused by a cyber incident. This coverage does not cover you or your organization directly but provides a layer of protection to you in that it helps ensure the continuity of the SuiteDash platform in the unlikely event of a cybersecurity breach, computer fraud, social engineering, cyber extortion, unauthorized misuse or disclosure of personally identifiable information, or unauthorized infringement of intellectual property rights.
We have an internally built system that monitors and automatically blocks suspicious activity (including vulnerability scanning, failed logins, and a host of other suspicious activity). We also have alerts in place for excessive resource use that escalate to our DevOps team for manual investigation.
We have a team dedicated to maintaining your account’s security on our platform and monitoring tools we’ve set up to alert us to any nefarious activity against our domains. To date, we’ve never had a data breach.
We also log and audit internal data access. If a SuiteDash employee wrongly accesses customer data, they will face penalties ranging from termination to prosecution. Again, to our knowledge, this hasn’t happened.
We have processes and defenses in place to keep our streak of 0 data breaches going. But in the unfortunate circumstance that someone malicious does successfully mount an attack, we will immediately notify all affected customers.
SuiteDash won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when we receive such requests.
All credit card transactions are processed using secure encryption, the same level of encryption used by leading banks. Card information is securely transmitted one time to a third-party payment gateway, which then stores the card information and returns to us only an identifying hash (ID number) that we store. No payment information or credit card numbers are ever stored on SuiteDash’s servers. The SuiteDash platform is fully PCI DSS Compliant, as audited and confirmed by SecurityMetrics, a world leader in data security and compliance.
Contact Us with additional questions or if you need more details.
Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please Contact Us for details on how to securely submit a report.