Security at GoProposal

The security of your data is of extreme importance to us here at GoProposal. Security maintenance includes...

SSL

  • All customer interaction with GoProposal servers is encrypted through the use of Extended Validation SSL. Our EV SSL certificates use the strongest SHA-2 & 2048-bit encryption to protect your data.

 

Data Retention

  • All data is backed up offsite daily for recovery from disasters and stored in Google Data Centres in the USA.
  • GoProposal stores the minimum amount of data required in order to provide our services.
  • Customer, proposal and pricing data must be stored by GoProposal, but credit cards details are stored by PCI compliant service partners.

 

Financial Security

  • Credit card details are never stored by GoProposal. Credit cards are transmitted directly to our payment providers over SSL connections and are not logged or stored in GoProposal systems.
  • Subscription payments are processed by Stripe, a PCI-DSS Level 1 compliant service provider.

 

Password Security

  • To maximise your safety, GoProposal recommend your password be at least 10 characters with a mixture of letters, numbers and punctuation characters.
  • We recommend that the password you use for GoProposal is unique and not used for any other web sites. A password manager such as LastPass is recommended to manage your passwords.
  • No plain text admin passwords are stored at any time.
  • You can also activate 2 Factor Authentication (2FA) for access to the admin area of your account. 2FA lets you implement strong account security, protects your account against unauthorized access and is SOC2 compliant for security, as audited by the American Institute of CPAs.
  • We also have a 10 attempt limit across admin passwords to prevent any malicious attacks.

 

Vulnerability Management

  • Software libraries used by GoProposal are actively kept up to date. Any security fixes or patches are treated as top priority and are applied as quickly as possible.