Security Overview

SuiteDash is the leading All-in-One Business Software platform specializing in collaborative work management and business process automation. Our Mission is to help business owners around the world achieve #SuiteFreedom by leveraging the power of systems, processes & automations!

We are dedicated to making SuiteDash the most secure and reliable collaborative work management and business process automation platform on the market. We are committed to protecting your personal and company data and to ensuring secure collaboration within our platform, which is why we have always invested, and continue to invest, in the security of our services, not only to meet but to exceed industry standards.

Uptime Over 99.9%

Over years of continuous service, SuiteDash has consistently met or exceeded a 99.9% uptime, ensuring you, your Staff and your Clients can access your Organization’s Portal when needed, without interruption. Current uptime status and a history for the last 90 days can always be accessed at https://status.suitedash.com/

Physical Security

Data Center Details

SuiteDash is powered by the industry standard Amazon AWS technology stack. This means your data is safely stored in ‘best in class’ data centers around the globe every day. Data center locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather, and seismic activity. Data centers are designed to anticipate and tolerate failure while maintaining service levels. In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

  • Keycard protocols, biometric scanning protocols, and round-the-clock interior and exterior surveillance monitor access to every one of our data centers.
  • Every data center employee undergoes multiple and thorough background security checks before they’re hired.
  • Only authorized data center personnel are granted access credentials to our data centers. Any employee or contractor who needs data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access and are time-bound. Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions. Any contractors approved for access are granted visitor badge access, must present identification when arriving on site, and are signed in and escorted by authorized staff.
  • Physical access points to server rooms are recorded by Closed Circuit Television Camera (CCTV). Images are retained according to legal and compliance requirements. Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection systems, and other electronic means. Authorized staff utilizes multi-factor authentication mechanisms to access data centers. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open.
  • Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit. These devices will sound alarms if the door is forced open without authentication or held open. Door alarming devices are also configured to detect instances where an individual exits or enters a data layer without providing multi-factor authentication.
  • Data center electrical power systems are designed to be fully redundant and maintainable without impact on operations, 24 hours a day. Data centers are equipped with back-up power supplies to ensure power is available to maintain operations in the event of an electrical failure for critical and essential loads in the facility.
  • Data centers use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages. Personnel and systems monitor and control temperature and humidity at appropriate levels.
  • Data centers are equipped with automatic fire detection and suppression equipment. Fire detection systems utilize smoke detection sensors within networking, mechanical, and infrastructure spaces. These areas are also protected by suppression systems.
  • Third-party testing ensures appropriately implemented security measures are aligned to established rules needed to obtain security and privacy certifications. Depending on the compliance program and its requirements, external auditors may perform testing of media disposal, review security camera footage, observe entrances and hallways throughout a data center, test electronic access control devices, and examine data center equipment.

Continuous Data Backup

SuiteDash’s data backup model provides near real-time database replication to ensure customer data is both backed up and available on redundant and geographically dispersed servers. Full backups are performed many times daily and are stored encrypted in an environment physically separated from the primary servers to ensure fault tolerance.

Network and System Security

Tenable Network Security Infrastructure

SuiteDash uses industry-standard network protection procedures, including network segregation using VLANs, firewall and router technologies, intrusion detection and prevention systems, centralized log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor authentication for authorized systems operations group personnel. This allows us to prevent, detect, and promptly remediate the impact of malicious traffic and network attacks.

Regular Updates and Patch Management

Ongoing internal network security audits and scanning give us an overview for quick identification of impacted systems and services. According to our in-house patch management policy, operating systems, software, frameworks, and libraries used in SuiteDash infrastructure are updated to the latest versions on a regular basis. Whenever a vulnerability in a product used by SuiteDash, or a high or critical vulnerability, is publicly reported, prompt action is taken to mitigate any potential risk for our customers: we apply hotfixes and patches promptly when available and/or implement proactive mechanisms such as firewall or IDS/IPS configuration changes.

System Integrity Protection

SuiteDash uses operating system-based and automated integrity check services to ensure the integrity of all critical files and system objects. A quick response to any potential unauthorized changes to the system helps ensure our customers are exposed only to SuiteDash-approved application experiences.

Application Security

Your Data & Files are Encrypted

SuiteDash uses Transport Layer Security (TLS) 1.2, preferring AES with 256-bit keys in CBC mode and a 2048-bit server key, with all industry-leading modern browsers. When you access SuiteDash via web browser or via the PWA mobile application, TLS protects your information using both server authentication and data encryption. This is equivalent to the network security methods used by banks and leading e-commerce sites.

All data is encrypted both in transit and at rest. A variety of security layers are in place to prevent unauthorized access to the underlying data, including IP-restricted access and firewall-enforced access restrictions. All databases are required to accept only encrypted connections from pre-defined data sources.

User files uploaded to SuiteDash’s servers via both the web application and the API are automatically encrypted with AES-256 using per-file keys. If someone were to gain physical access to the file storage, they would find only encrypted data that cannot be read without the corresponding key. These encryption keys are stored in a secure key vault, which is a separate database decoupled from the file storage layer.
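The design described above, a per-file key held in a vault that is separate from the blob storage, is illustrated by the following Go program. It is an added example, not SuiteDash code: the in-memory KeyVault and FileStore types, the function names and the choice of AES-256-GCM (the page names AES-256 but not the mode) are all assumptions made here for illustration. The point it shows is that the storage layer on its own yields nothing readable, and that deleting a file's key from the vault is enough to make its blob permanently unreadable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyVault stands in for the separate key database: one data key per file id,
// nothing else. In-memory stand-in, assumed for this example.
type KeyVault struct{ keys map[string][]byte }

// FileStore stands in for the file storage layer: ciphertext only, never keys.
type FileStore struct{ blobs map[string][]byte }

func NewKeyVault() *KeyVault   { return &KeyVault{keys: map[string][]byte{}} }
func NewFileStore() *FileStore { return &FileStore{blobs: map[string][]byte{}} }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// StoreFile draws a fresh random 256-bit key for this one file, encrypts the content
// with AES-256-GCM and writes ciphertext and key to their separate stores.
func StoreFile(vault *KeyVault, store *FileStore, fileID string, plaintext []byte) error {
	key := make([]byte, 32) // 32 bytes = AES-256
	if _, err := rand.Read(key); err != nil {
		return err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The file id is bound in as additional authenticated data, so a ciphertext
	// moved under a different id fails authentication on decryption.
	ct := gcm.Seal(nil, nonce, plaintext, []byte(fileID))
	store.blobs[fileID] = append(nonce, ct...) // nonce is prefixed to the blob
	vault.keys[fileID] = key
	return nil
}

// ReadFile fetches the per-file key from the vault and decrypts the stored blob;
// without the vault entry the blob cannot be opened.
func ReadFile(vault *KeyVault, store *FileStore, fileID string) ([]byte, error) {
	key, ok := vault.keys[fileID]
	if !ok {
		return nil, errors.New("no key in vault for " + fileID)
	}
	blob, ok := store.blobs[fileID]
	if !ok {
		return nil, errors.New("no blob in store for " + fileID)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], []byte(fileID))
}

// DeleteKey crypto-shreds a file: dropping its key leaves the blob unreadable forever.
func DeleteKey(vault *KeyVault, fileID string) { delete(vault.keys, fileID) }

// RawBlob is all that someone with access to the storage layer alone would see.
func RawBlob(store *FileStore, fileID string) []byte { return store.blobs[fileID] }

func main() {
	vault, store := NewKeyVault(), NewFileStore()
	if err := StoreFile(vault, store, "invoice-42.pdf", []byte("constructed sample file content")); err != nil {
		panic(err)
	}
	fmt.Printf("raw blob in storage: %x\n", RawBlob(store, "invoice-42.pdf"))
	pt, err := ReadFile(vault, store, "invoice-42.pdf")
	fmt.Printf("decrypted via vault: %q err=%v\n", pt, err)
	DeleteKey(vault, "invoice-42.pdf")
	_, err = ReadFile(vault, store, "invoice-42.pdf")
	fmt.Println("after key deletion:", err)
}
```

Because every file has its own key, two uploads of identical content produce unrelated blobs, and compromising one key exposes exactly one file. Binding the file id as associated data is a small extra that the page does not mention; it stops a blob from being silently substituted for another.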

All user passwords are validated against password policies and stored securely using a strong hashing algorithm with a unique salt for every password. All users’ passwords, cookies, and sensitive information are reliably protected from eavesdropping.

Application Security Protocols

An in-depth Application Security Lifecycle process is fully integrated into SuiteDash’s Software Development Lifecycle (SDLC), including:

  • Defined in-house security requirements, policies, and industry security best practices applied in every stage of the lifecycle.
  • Ongoing security review of architectures, design features, and solutions.
  • Iterative manual and automated (using static code analyzers) source code review for security weaknesses, vulnerabilities, and code quality, plus development team advisory and guidance.
  • Regular manual assessment and dynamic scanning of the pre-production environment.
  • Security training conducted for IT teams according to their respective job roles.

User Authentication

Each user in SuiteDash has a unique, password-protected account with a verified email address. The password is validated against password policies and stored securely using a strong hashing algorithm with a unique salt for every password. In addition, 2-Factor Authentication is available as an added security measure to protect SuiteDash accounts. SuiteDash also offers advanced security settings that allow customers to manage Password Security Policy. More details can be found in our Help Section.

The SuiteDash Help Team is always happy to assist you with any SuiteDash-related issues. If troubleshooting or diagnosing an issue requires the Help Team to access your account, that permission can be granted only by you. Detailed logs are recorded each time the Help Team accesses your account in this way – these logs are routinely reviewed. This systemic approach lets us provide world-class support and ensures additional confidentiality for your data stored in SuiteDash.

If you or one of your users loses access to the SuiteDash platform due to failure to pass 2-Factor Authentication, we are able to help restore access, but there will be a specific set of security procedures that must be completed. We enforce these policies to protect against social engineering and malicious actors.

Data Sharing and Role-Based Access Control

In each individual SuiteDash account, an appropriate administrator/staff member manages and controls individual user rights by granting specific Roles, Circles and/or Custom Menu visibility.

Customer data, including Messages, Dashboards, Pages, Projects/Tasks and Files/Folders, can only be accessed by other users within your SuiteDash account if those items were specifically shared with them, or if the items were placed in Shared Folders.

Incident Management and Disaster Recovery

We practice regular recovery drills where we test diverse disaster and failure scenarios. We perform hourly backups of all databases, and files are backed up automatically after they are uploaded to SuiteDash. Our backups are tested on a regular basis and are stored off-site for a maximum of 30 days. We have procedures for responding to incidents managed by our dedicated Operations and Security, Infrastructure and DevOps teams. In the event of an incident, we will contact you within 24 hours and offer the best possible options for moving forward.

Data Deletion

All your content becomes inaccessible immediately upon cancellation. 180 days after your cancellation date, all your content is permanently deleted from all servers and logs, and it cannot be recovered once permanently deleted. At the same 180-day point, all of your data is also permanently deleted from backups.

Privacy and Compliance

GDPR Compliance

For customers who request it, we have a Data Processing Addendum that outlines the obligations SuiteDash has in its role as a provider of the SuiteDash Service to our customers. This may include obligations related to the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). More information can be found on the GDPR Commitment page.

HIPAA Compliance

The Health Insurance Portability and Accountability Act provides security provisions and data protection for safeguarding medical information. If SuiteDash processes Protected Health Information (PHI) on behalf of either a Covered Entity or a Business Associate (both known as “roles” under HIPAA), then SuiteDash has a Business Associate Agreement that meets industry standards and requirements as well as the HIPAA Security Rule. More information can be found on our SuiteDash and HIPAA page.

PCI DSS Compliance

PCI stands for the Payment Card Industry. The major payment card brands Visa, MasterCard, American Express, Discover Financial Services, and JCB International established the Payment Card Industry Data Security Standard (PCI DSS) to help merchants prevent payment card data theft.

The SuiteDash platform undergoes continual assessment and scanning by SecurityMetrics, a world-class data and privacy security firm. The current certification status can be found HERE.

Privacy Policy

The SuiteDash Privacy Policy has been carefully cultivated to address your privacy concerns and your rights with regard to your personal data.

Cyber Liability Insurance

How Cyber Insurance protects you

SuiteDash carries Cyber Insurance with industry-standard coverages intended to help ensure business continuity and data recovery in cases of accidental or intentional loss, corruption, or unavailability of important data caused by a cyber incident. This coverage does not cover you or your organization directly but provides a layer of protection to you in that it helps ensure the continuity of the SuiteDash platform in the unlikely event of a cybersecurity breach, computer fraud, social engineering, cyber extortion, unauthorized misuse or disclosure of personally identifiable information, or unauthorized infringement of intellectual property rights.

Constant Monitoring

Internal Systems & Processes

We have an internally built system that monitors and automatically blocks suspicious activity (including vulnerability scanning, failed logins, and a host of other suspicious behaviour). We also have alerts in place for excessive resource use that escalate to our DevOps team for manual investigation.
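The page does not describe how its internal blocking system works, so the following Go program is an added example of the simplest version of one of the behaviours it names, blocking a source after repeated failed logins. It is not SuiteDash code: the log line format, the field names, the window and threshold values and the sample log lines are all constructed here for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// AuthEvent is one parsed login attempt.
type AuthEvent struct {
	At      time.Time
	Source  string
	User    string
	Success bool
}

// ParseAuthLine parses the constructed line format used in sampleLog:
// "<RFC3339 time> login source=<ip> user=<name> result=<ok|fail>".
func ParseAuthLine(line string) (AuthEvent, error) {
	fields := strings.Fields(line)
	if len(fields) != 5 || fields[1] != "login" {
		return AuthEvent{}, fmt.Errorf("unrecognised line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return AuthEvent{}, err
	}
	kv := map[string]string{}
	for _, f := range fields[2:] {
		k, v, ok := strings.Cut(f, "=")
		if !ok {
			return AuthEvent{}, fmt.Errorf("bad field %q", f)
		}
		kv[k] = v
	}
	return AuthEvent{At: at, Source: kv["source"], User: kv["user"], Success: kv["result"] == "ok"}, nil
}

// Detector blocks a source once it reaches Threshold failures inside a sliding Window.
type Detector struct {
	Window    time.Duration
	Threshold int
	failures  map[string][]time.Time // recent failure timestamps per source
	blocked   map[string]time.Time   // when each source was blocked
}

func NewDetector(window time.Duration, threshold int) *Detector {
	return &Detector{Window: window, Threshold: threshold,
		failures: map[string][]time.Time{}, blocked: map[string]time.Time{}}
}

// Observe feeds one event and reports whether it caused the source to be blocked.
// Events are expected in time order, as they would arrive from a log stream.
func (d *Detector) Observe(ev AuthEvent) bool {
	if _, already := d.blocked[ev.Source]; already || ev.Success {
		return false
	}
	// Drop failures that have aged out of the window, then record this one.
	cutoff := ev.At.Add(-d.Window)
	kept := d.failures[ev.Source][:0]
	for _, t := range d.failures[ev.Source] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	kept = append(kept, ev.At)
	d.failures[ev.Source] = kept
	if len(kept) >= d.Threshold {
		d.blocked[ev.Source] = ev.At
		return true
	}
	return false
}

func (d *Detector) IsBlocked(source string) bool { _, ok := d.blocked[source]; return ok }

// sampleLog is constructed input: 10.0.0.5 fails five times within a minute,
// 10.0.0.9 fails once and then succeeds, 10.0.0.7 fails five times but spread
// six minutes apart, so it never reaches the threshold inside a 10-minute window.
const sampleLog = `2024-05-01T12:00:00Z login source=10.0.0.9 user=alice result=fail
2024-05-01T12:00:03Z login source=10.0.0.5 user=admin result=fail
2024-05-01T12:00:10Z login source=10.0.0.5 user=admin result=fail
2024-05-01T12:00:20Z login source=10.0.0.9 user=alice result=ok
2024-05-01T12:00:25Z login source=10.0.0.5 user=root result=fail
2024-05-01T12:00:30Z login source=10.0.0.7 user=bob result=fail
2024-05-01T12:00:31Z login source=10.0.0.5 user=test result=fail
2024-05-01T12:00:40Z login source=10.0.0.5 user=guest result=fail
2024-05-01T12:00:45Z login source=10.0.0.5 user=admin result=fail
2024-05-01T12:06:30Z login source=10.0.0.7 user=bob result=fail
2024-05-01T12:12:30Z login source=10.0.0.7 user=bob result=fail
2024-05-01T12:18:30Z login source=10.0.0.7 user=bob result=fail
2024-05-01T12:24:30Z login source=10.0.0.7 user=bob result=fail`

// RunSample streams sampleLog through a detector (5 failures in 10 minutes) and
// returns the sources that were blocked, in the order they were blocked.
func RunSample() ([]string, error) {
	d := NewDetector(10*time.Minute, 5)
	var blocked []string
	for _, line := range strings.Split(sampleLog, "\n") {
		ev, err := ParseAuthLine(line)
		if err != nil {
			return nil, err
		}
		if d.Observe(ev) {
			blocked = append(blocked, ev.Source)
		}
	}
	return blocked, nil
}

func main() {
	blocked, err := RunSample()
	fmt.Println("blocked sources:", blocked, "err:", err)
}
```

The sliding window is what separates a brute-force burst from a user who mistypes a password a few times over a morning; in production the threshold, the window and the block duration would be tuned against real traffic, and the decision would feed a firewall or application-level deny list rather than an in-memory map.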

We have a team dedicated to maintaining your account’s security on our platform and monitoring tools we’ve set up to alert us to any nefarious activity against our domains. To date, we’ve never had a data breach.

We also log and audit internal data access. If a SuiteDash employee wrongly accesses customer data, they will face penalties ranging from termination to prosecution. Again, to our knowledge, this hasn’t happened.

We have processes and defenses in place to keep our streak of 0 data breaches going. But in the unfortunate circumstances someone malicious does successfully mount an attack, we will immediately notify all affected customers.

Law Enforcement

Our Commitment to Due Process

SuiteDash won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we’re legally prevented from it, we’ll always inform you when we receive such requests.

Your transactions with SuiteDash

All credit card transactions are processed using secure encryption, the same level of encryption used by leading banks. Card information is securely transmitted once to a third-party payment gateway, which stores the card information and returns to us only an identifying token (ID number) that we store. No payment information or credit card numbers are ever stored on SuiteDash’s servers. The SuiteDash platform is fully PCI DSS compliant, as audited and confirmed by SecurityMetrics, a world leader in data security and compliance.

Want to know more?

Contact Us with additional questions or if you need more details.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please Contact Us for details on how to securely submit a report.