We understand that privacy and security are of prime importance, and we're here to let you know that we spend more time on security than just about anything else.

This article outlines how ScalePad Lifecycle Manager uses physical, procedural, and technical safeguards to preserve the integrity and security of your information to protect your data. Protecting the data you trust to Lifecycle Manager is our first priority.


Data security summary

We have a progressive commitment to security excellence. Here's a summary of key points you should know:

  • Multi-factor authentication is available on all accounts

  • We have stringent backup and business continuity processes in place

  • We adhere strictly to both procedural and technical standards for, but not limited to:

    • Credential management and credential requirements

    • Role-based privileged access control, as required

    • Firewalls and locked-down modern, internal systems


Data security standards

When you set up a connection to Lifecycle Manager, we deliberately limit the surface area of the data we access to the bare minimum required. We only use it for the purposes of providing our service to you.

We regularly back up your data to prevent data loss and aid in recovery. We implement access restrictions on all of our systems and servers to better protect your information. All access is logged (including physical access).

With regards to your sensitive payment information, we don’t store that at all. It’s handled by our upstream payment gateway—Stripe.


Data Encryption

Data Protection

Lifecycle Manager uses industry-accepted encryption methods and products to protect Customer Personal Data and communications during transmissions between a customer’s network and our services including encryption for data in transit over public networks and encryption for data at rest.

  • Encryption in Transit

    • All data transferred over public networks is encrypted via HTTPS/Transport Layer Security (TLS).

  • Encryption at Rest

    • Sensitive data at rest is encrypted using at least AES-256 or higher levels of encryption.


Credential encryption

We're happy to share these key points of our security standards surrounding credential encryption.

Passwords

  • Passwords are encrypted with AES-256-bit encryption

    • This includes a 2048-bit RSA public key, with secure random keys that are unique to each password

  • The RSA private keys are encrypted with a secure, random RSA key passphrase

    • These are stored in an isolated bucket, locked down to only allow access from our servers as required for decryption

  • The decryption process takes place server-side

    • The private key passphrases (and private keys themselves) are not stored in the database

    • The private keys are stored in a secured bucket that is only accessible via the servers used for decryption

  • Decrypted password data is never written to disk

  • The web servers themselves are also locked down with multiple firewalls, whitelisting incoming/outgoing traffic, and key-based access.

Access to the Lifecycle Manager platform

  • Access to the entire Lifecycle Manager platform is limited to strong SSL encryption over HTTPS

Important: Credentials stored in Lifecycle Manager can never be recovered


Secure Amazon hosting platform

Amazon’s hosting platform is among the most secure and tested systems in history. Their entire infrastructure is PCI-DSS certified. AWS services maintain PCI-DSS Level 1, SSAE16 SOC 1, SOC 2 and SOC 3, ISO 27001, 27017, and 27018.

The above certifications cover selected AWS services, including their:

  • Security governance

  • Physical security

  • Network infrastructure

  • Change management

  • Administration practices

With these established services, Lifecycle Manager delivers a secure, robust, and reliable application you can trust.


Data storage

We host data in AWS secure SSAE 16 / SOC1 certified data centers.

If you're interested, SOC compliance statements are available on the AWS SOC FAQ page.


Data stored in the Lifecycle Manager platform

As a necessity to provide our service, the hardware asset information that Lifecycle Manager stores are as follows:

  • Asset Name

  • Client and/or Site, Location

  • Asset type

  • Manufacturer

  • Serial number

  • User information

  • Member information per client

  • Software (such as the OS, e.g. Windows 10)

  • Age

  • Purchase date

  • Expiry date

Removing integrations will purge your data
If you choose to remove an integration from your Lifecycle Manager account, all associated data will be purged from our systems.

For more information, including GDPR considerations
If you'd like some more information, please read our Privacy Policy, as well as our Terms and Conditions.

Did this answer your question?