Security Statement

Customer data is one of the most valuable assets a company has. That’s why our top priority is delivering a high-performance solution with a focus on keeping our customers’ data safe and their interactions secure.

Cloud-based software is all about providing uninterrupted, reliable service, making information security a major focus for first-rate   cloud vendors. Skilled resources, network redundancies, religious data back-ups, stand-by power, up-to-date security, and intrusion detection are mandatory components for an enterprise-class service.


We provide our service through a secure connection using HTTPS; which is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide high encryption and secure identification of the server. is EV SSL Certified, independently by COMODO in the UK.

Our high levels of performance, availability, and security are achieved through:

  • Systems security monitoring 24x7x365
  • Active performance and availability monitoring of all data centers 24x7x365
  • Restricted role-based application security with flexible single sign-on, data encryption, on-going vulnerability scanning, and encrypted  offsite backups
  • Security features: password complexity / administrator-based single sign-out / roles and permissions / access restrictions
  • User authentication and access control
  • A secure, multi-tenant network architecture
  • Frequent, human-driven security auditing via network and application penetration testing
  • Automated vulnerability analysis via external platform and application vulnerability scans
  • Static analysis
  • Regular updates rolled out to all customers, ensuring everyone has the latest application and security innovations
  • Employee programs to increase awareness, communication, collaboration, and education on security


WhosOnLocation continually performs risk analysis to achieve the highest level of security. Security concepts and techniques have been integral to our solution’s design right from the beginning and we continue to invest heavily in security improvements for our product, our process, our people, and our technology.

WhosOnLocation performs full security audits of our product and infrastructure regularly, including quarterly third-party audits. Our risk assessment process aligns with the OWASP standard.

Physical Security

Our servers are located in dedicated spaces at top-tier data centres and are protected behind a dedicated firewall. WhosOnLocation servers are hosted at Tier 3, SSAE-16, or ISO 27001 compliant facilities.

Facilities features 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant supplies, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored by both WhosOnLocation and the co-location providers. Only a small group of our employees have physical access to the servers.

Network Security

Our network is protected by firewalls, best-of-class router technology, EV SSL encryption,  file integrity monitoring, and monitoring across a wide range of performance and systems availability. Network security scanning gives us deep insight for quick identification of out-of-compliance systems.

Transmission Security

All communications with WhosOnLocation servers are encrypted by default using industry standard EV SSL. This ensures that all traffic between you and WhosOnLocation is secure during transit. Unlike email-based communication, most of which flows unprotected over the Internet, your communication with WhosOnLocation is completely protected.

Access Control

All access to data within WhosOnLocation is governed by access rights. Every user who attempts to access your WhosOnLocation  account is authenticated by username and password. The administrator of your WhosOnLocation instance may define granular access privileges to individual users, and email notifications alert administrators when someone is granted admin access.

Our security architecture ensures that each request to WhosOnLocation is accompanied by user identity credentials to ensure segregation of customer data.

Application Security

WhosOnLocation maintains a robust application audit log, to include security events such as user logins or configuration changes. Additionally, WhosOnLocation follows secure credential storage best practices by storing passwords using the bcrypt (salted) hash function.


The file systems are snapshotted every five minutes and the snapshots are replicated to all primary DR sites, the snapshots provide a quick delta for changed files to be able to keep up with the live data stream. Databases are replicated from the master to a slave database at each primary and DR site.

Along with the regular file system snapshots, a full daily backup is taken of all systems and stored as a full point-in-time record. The daily backups are aged out over 60 days.

The weekly backups are taken on a Sunday and are stored in perpetuity. At the point when the daily backups are aged out we have stored eight weekly backups over the period, this provides a large overlapping window between short and medium interval views of the system data.

Vulnerability Management

WhosOnLocation and its supporting data security infrastructure are frequently reviewed for potentially harmful vulnerabilities. tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

Vulnerability Testing

3rd Party Penetration tests and vulnerability scans are routinely run by both our customers and ourselves. We utilize the expert services of Security

We do not share or disclose the results of vulnerability and penetration tests, whether they are run by customers or ourselves however; we do ask that the resulting report from any customer-driven vulnerability and penetration test is shared with WhosOnLocation so that we can review and address any identified vulnerabilities.

We are more than happy to share, in confidence, a copy of the scope of the 3rd-party audits we run via Security

How do I request permission to run my own Vulnerability Test?

If you would like to run your own 3rd-Party Vulnerability Test against WhosOnLocation please send an email to (Please note customer-driven and requested vulnerability tests are at the customers cost.

WhosOnLocation Employees and Agents

In line with industry best practice for protecting the confidentiality of our Customers Data, all WhosOnLocation employees and agents agree to our Privacy Policy. Specifically they agree and understand that Customer Data is the IP of the Customer and shall not be accessed without the prior written consent of the Customer, and/or copied, shared or disseminated to any Party without the prior written consent of the Customer.

Contact for Questions about our Security Statement:

If you have any questions about the Security Statement, the practices of this Web site Service, or your dealings with us, you may contact us by sending an email to:

Email at or by writing to:

Attn: Security Statement
WhosOnLocation Customer Services
WhosOnLocation Ltd
P.O. Box 27023
Marion Square, Wellington, New Zealand 6141


Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request