Security at HandsHQ

At HandsHQ, we take your trust very seriously. We carry out a number of measures to protect your privacy and your data and are committed to transparency and industry best practices.

Infrastructure

Uptime

HandsHQ is committed to delivering a high-availability platform. We have uptime of 99.6% or higher.

Hosting

HandsHQ’s servers and databases are hosted in the cloud within the EU. Some data such as database backups and database snapshots are stored in US data centres. We maintain data processing agreements with our cloud partners.

Security

Encryption in transit

All browser connections and communication are encrypted and transmitted over TLS (formerly known as SSL). Our servers only support 128- or 256-bit cipher suites over TLS 1.1 or higher, protecting against unauthorised disclosure, modification, and replay attacks.

Encryption at rest

Our policy is to only select cloud partners that encrypt all physical media on which customer data resides, including databases and backups. In the unlikely event of a physical breach of underlying infrastructure (i.e., if someone broke into the data centre and removed the disk drives), your data would be protected.

Penetration testing

Our production environment undergoes penetration testing bi-annually, using industry-standard tools to replicate hacking attacks.

Vulnerabilities

We use a number of tools to proactively identify known security vulnerabilities. Our policy is to resolve critical vulnerabilities within 72 hours.

Software development life cycle (SDLC)

HandsHQ products are designed with security that aims to meet OWASP standards for web applications.

At least annually, engineers participate in web application security training covering OWASP Top 10 Application Security Risks.

SAML Single Sign-On (SSO) & Two-factor authentication (2FA)

HandsHQ supports Single Sign-On via Okta and Microsoft Entra ID, allowing users to access the app securely with their existing SSO credentials.

Two-factor authentication (2FA) provides an additional layer of security, requiring a second verification method during sign in.

Data integrity and continuity

Backups

Database backups are carried out daily. Further, with rollback functionality we can restore a database from any point in time within the past 7 days.

Disaster recovery

HandsHQ’s disaster recovery procedure is tested every 6 months to ensure the integrity of data and that the engineering team are familiar with the process.

Data protection

GDPR

We aim to be transparent about where your data resides with us and how it is handled. We have recently updated our privacy policy and terms of service to explain this in more detail. However, if you would like any further information or to exercise your rights, please email our Data Protection Officer.

Data deletion

It is our policy that ex-customer data be deleted within two years of contract termination. Customer data can also be deleted on request.

Certification

HandsHQ is certified for ISO 9001 and ISO 27001. Our ISO 9001 and ISO 27001 certificates, policy and statement of applicability (SOA) are available to customers on request.