Security and Privacy

Punchzee is committed to maintaining the highest level of data security and privacy for its users. Through rigorous code auditing, strong encryption, and strict access controls, Punchzee ensures the safety of customer data.

1. Introduction

This whitepaper provides an overview of the data security and privacy measures implemented by Punchzee, a cross-platform field management app for industries ranging from construction to compliance. Punchzee is dedicated to ensuring that all customer data is secure and that access to it is strictly controlled. This document outlines the security measures and standards followed by Punchzee, as well as the security features provided by our infrastructure partners.

2. Code Auditing and Release Process

The code base of Punchzee is regularly audited both by our senior security architects and by industry-standard security auditing tools. Changes to the code base are tracked and must always pass an auditing and approval process carried out by our senior security architects before they are released to production.

Native apps are signed with Extended Validation (EV) signing certificates, ensuring authenticity and providing an additional layer of security. Our native apps undergo an external security audit before they are released to their respective app stores.

3. Data Encryption and Server Security

All data transmitted between Punchzee apps and cloud servers is encrypted using TLS. We employ advanced server routing and TLS certificate management systems. A load balancer and security groups are configured to act as a virtual firewall to only allow HTTP(S) requests to pass through to servers, with all other ports being blocked for optimal security. Our server instances are situated in the USA and in a private subnet, ensuring there is no direct public access to the servers.

4. Database Security

User data sent from apps to the cloud servers is stored in a database located in the USA. The database system is designed to be highly secure, with features such as data encryption at rest and in transit, network isolation, and resource-level permissions. It is also compliant with key industry standards, including GDPR, HIPAA, and PCI DSS.

5. Cloud Storage Security

Punchzee stores files sent from the app to the cloud servers on an advanced cloud storage system located in the USA. This system employs state-of-the-art security measures, such as data immutability, end-to-end encryption, and access controls. Data stored is encrypted at rest using server-side encryption with Advanced Encryption Standard (AES) 256-bit keys. It is compliant with a range of industry standards, including HIPAA, CJIS and the EU GDPR.

6. Payment Security

A secure platform is used for processing payments within Punchzee. This platform is compliant with the strictest industry standards, such as PCI DSS Level 1. All transactions processed are encrypted using TLS and Secure Sockets Layer (SSL) technology, ensuring that sensitive payment information is kept secure. The platform also utilizes machine learning algorithms and real-time monitoring to detect and prevent fraudulent transactions.

7. Data Retention, Backups, and Immutability

Punchzee is committed to ensuring data integrity and availability through a comprehensive data retention and backup strategy. Regular backups of both the database and file storage are taken and securely stored in separate USA locations to prevent single points of failure and facilitate quick recovery in case of system failures or unexpected events.

File storage is made immutable using a cloud storage system's data immutability feature, which prevents accidental or malicious alteration or deletion of stored files. Infinite retention is applied to stored files by default, with adjustments made by our security architects when necessary for specific situations or legal compliance.

8. Employee Access Controls

Punchzee has strict controls on employee access to customer data. Only a few employees (senior security architects) are granted access, and even then only for mandatory reasons. Access is restricted through IP-based rules, logged, and monitored. In addition, device-based two-factor authentication (2FA) is required before access is granted.

9. Conclusion

Punchzee is committed to maintaining the highest level of data security and privacy for its users.

Through rigorous code auditing, strong encryption, and strict access controls, Punchzee ensures the safety of customer data. By partnering with industry leaders, Punchzee leverages their advanced security measures and compliance with industry standards to provide a secure and reliable field management app for its customers. For further information about Punchzee's privacy practices, please refer to our Privacy Policy at:

https://www.iubenda.com/privacy-policy/31651108

We are dedicated to continually improving our security measures, staying up-to-date with the latest technologies and industry best practices, and being transparent with our customers about how their data is protected.

If you have any questions or concerns regarding Punchzee's data security and privacy measures, please feel free to contact our support team. We are committed to addressing any issues and providing the necessary information to ensure our users have confidence in the security and privacy of their data while using Punchzee's services.
