All customer data is encrypted in transit and at rest. Our application currently supports TLS 1.2 only, older protocols are disabled. Storage encryption is provided by Amazon KMS and we are using AWS managed keys.
We understand the importance of reliability and aspire to a 99.9% uptime. We continually monitor uptime through third parties like StatusPage.
When your kiosk or application is connected to a network, visitor/employee/contractor data syncs to WhosOnLocation automatically, and all records are stored in WhosOnLocation's database. Backups are taken every day and stored offsite. WhosOnLocation never stores customer data on local devices or any other internal network.
With respect to the Physical security of our Data Centres; our servers are located in dedicated spaces at top-tier data centers and are protected behind a dedicated firewall. WhosOnLocation is hosted in AWS data centers that have been certified as ISO-27001, PCI/DSS Service Provider Level1 and/or SOC II compliance. Our global Security Team is on call 24/7 to respond to security alerts and events. We are committed to protecting the security of our customer’s information. .
Facilities features 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant supplies, each with UPS and backup generators. All systems, networked devices, and circuits are constantly monitored by both WhosOnLocation and the co-location providers. Only a small group of our employees have physical access to the servers.
When a customer registers their account they are asked to select the country they are in. WhosOnLocation operates data centres in several regions. We refer to these as ‘server regions’. They are the United States, United Kingdom, Europe, Australia, and Canada. The country you are in determines the server region your account data will be hosted in. WhosOnLocation never stores customer data on local devices or any other internal network.
We have a strict policy to respect the privacy of sensitive customer data: we will never sell your visitor/contractor/employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.