Our clients' confidence and data security are important to our team
TeamTracker’s Commitment to Accuracy, Trust & Security
Before starting TeamTracker, we had a goal in mind: to create a secure system for remote team managers.
We built TeamTracker to strive for 100% accuracy, trust, and security.
TeamTracker runs on Heroku, a modern infrastructure for cloud-based applications. Heroku is specifically designed to protect customers from threats by applying security controls at every layer.
Heroku utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon is an industry leader in designing, constructing, and operating large-scale data centers.
AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military-grade perimeter control berms as well as other natural boundary protection. Only employees with a legitimate business need have access to the data center. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors.
Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Heroku undergoes penetration tests, vulnerability assessments, and source code reviews to assess the security of their application, architecture, and implementation. Issues found in Heroku applications are risk-ranked, prioritized, and assigned to the responsible team for remediation.
Data is transmitted to and from Heroku using bank-level 256-bit SSL encryption. In addition:
- Sensitive data at rest is encrypted using BCrypt
- Links to documents are protected with signed URLs that expire
- User sessions are secured with an expiring access token
- Audit trails are available for all user behavior
In order for us to provide some of our services, we may need access to your company’s payroll account, insurance accounts, and accounts from other third-party institutions.
However, you can stop using TeamTracker at any time for any reason. Upon written request, we will permanently delete all your company data, all of your third-party account info, and all employee data from our records within 30 days (but typically sooner). Should you need it, your data will be available for export to an authorized representative of your company prior to deletion.
All access and changes to your company and employee information are logged to assist with troubleshooting and investigations. The audit trail is readily accessible to all customers directly from the interface.
TeamTracker limits access to your nonpublic personal information to employees who have a business reason to know such information. We implement security practices and procedures designed to protect the confidentiality and security of such information and prohibit unlawful disclosure of such information.
Further, the TeamTracker employees directly responsible for managing customer accounts have all passed a pre-employment background check and are licensed health insurance agents.