Security

Shiftboard’s Data Policies

The protection, security, and privacy of your data is of utmost importance. Shiftboard uses industry leading technology and practices to ensure the integrity of your data. We use encryption, application security, infrastructure, penetration testing, and single sign-on to ensure your data is protected. Learn more about Shiftboard and GDPR.


Encryption

Shiftboard products utilize 256 bit SSL encryption. This ensures all communications to and from Shiftboard products are encrypted and protected. It is one of the most secure encryption methods today, and is typically used for data in transit, or data traveling over a network or internet connection. However, it is also implemented for sensitive data such as financial, military, and government owned data.

Application Security

Shiftboard products offer multiple layers of application security including:

  1. 256 bit SSL encrypted login to ensure maximum security in data transfer.
  2. Sharded data where customer data is separated into different data partitions to ensure no data overlap or loss.
  3. Customer account data is separated between different company locations and user levels to ensure there is no chance for data being shared between franchises or user levels.

Infrastructure

ScheduleFlex runs on AWS cloud infrastructure. AWS is backed by Amazon’s 99.99% uptime service level agreement.

SchedulePro runs on Microsoft® Azure. Azure is backed by Microsoft’s 99.99% uptime service level agreement.

Single Sign On

Shiftboard products support Single Sign On (SSO), a property of access control for multiple related, yet independent, software systems. SSO allows users to login to connected systems with a single ID and password by leveraging SAML and SAML2. Each product supports a number of SSO providers like Shibboleth, Okta, ADFS, Onelogin, Google ID, Ping Identity and more.

GDPR

The General Data Protection Regulation (GDPR) is a new comprehensive data protection law that went into effect on May 25, 2018, in the EU. GDPR strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. To learn more about Shiftboard’s approach to GDPR, see our GDPR policy details.

SOC 2

SOC 2 is a security framework developed by AICPA that specifies how organizations should protect customer data based on five criteria: security, availability, processing integrity, confidentiality, and privacy. Shiftboard is committed to investing in resources to protect the information entrusted to us, and we are proud to comply with SOC 2 standards.

Questions

Security is of the utmost importance to Shiftboard. We mitigate security risks through applying best practices and active monitoring. However, if you have any security concerns, or notice any possible security issues, we encourage you to reach out to privacy@shiftboard.com. Please see our privacy policy for a breakdown of how we handle potential issues.