Your data is sent using HTTPS, and encrypted at rest.
When your data is moving between you and us, everything is encrypted and sent securely using HTTPS. We also encrypt your data at rest using Advanced Encryption Standard (AES).
We host on Amazon Web Services
The Hug Group data is hosted on the AWS cloud platform. This places your data in their European data centres.
Using AWS means we take advantage of their rigorous security standards and resilience: servers and firewalls are always up to date. You can read more about their specific standards and procedures here:
We don’t store your debit/credit card information.
All our payments are processed through Stripe. They are a PCI Service Provider Level 1 organisation – the most stringent certification level available in the payment industry.
Using Stripe means we don’t need to store your payment card details. They are sent encrypted directly to Stripe, and we don’t store them anywhere.
You can read more about security at Stripe here:
Your passwords are hashed
We hash your passwords using a PBKDF2-based function to help keep them more secure and reduce the vulnerability of the stored hashes to brute-force attacks. That’s no reason not to create a strong password in the first place, though.
We encourage you to understand what makes a strong password, to educate your employees on it, and to use strong passwords accordingly. You can test-score a password below.
Keeping your data secure
Keeping customer data safe is a huge responsibility and our top priority. We work hard to protect our customers’ data from the latest threats. This is not a one-time effort; it’s a continual process that we monitor and work on.
Security issues come to light in different ways: articles in the technical press, discovery during routine work, and our internal reviews and vulnerability scans.
How we deal with security issues
When we discover a security threat, we follow this process:
1. Understand the nature of the threat.
2. Assess the risk of the threat to our customers’ data – bearing in mind the likelihood of breach and the impact of a possible breach.
3. Scope the work required to mitigate or eliminate the risk.
4. Prioritise any work according to the results of this risk assessment.
5. Once the issue is resolved, we’ll post an update on our website.
Reporting security problems
We’ll get back to you as soon as we can. Usually this will be within 2 hours on weekdays, but we do check in at weekends too.