In regards to data storage, our primary hosting provider SiteHost maintains and follows the AS/NZS ISO/IEC 27002 compliant Information Security Policy, published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).
- Physical and Environmental security
- Human Resource security
- Access control
In regards to application development, our application framework of choice Laravel incorporates a number of security-first features.
- Inbuilt CSRF security, input validation and encrypted sessions
- Inbuilt protection against SQL injection and related exploits
- Inbuilt protection against cross-site request forgery and cross-site scripting
- All customer database data is securely stored in New Zealand (covered by AS/NZS ISO/IEC 27002 noted above)
- Where requested, we can store database data using Amazon Web Services (AWS)
- User access to data is encrypted and protected end-to-end by SSL technology
- For online accounts, all passwords are encrypted and securely stored (that is, no passwords are stored as plain text)