Security at GoProposal

The security of your data is of extreme importance to us here at GoProposal. Security maintenance includes...

SSL

  • All customer interaction with GoProposal servers is encrypted through the use of Extended Validation SSL. Our EV SSL certificates use the strongest SHA-2 & 2048-bit encryption to protect your data.

 

Data Retention

  • GoProposal stores the minimum amount of data required in order to provide our services as outlined in our Privacy Notice.
  • Your client’s data is stored and backed up offsite daily for recovery from disasters in Amazon Data Centres in the UK.
  • Your personal data is stored and backed up offsite daily for recovery from disasters in Data Centres in the UK & US so that we can communicate with you and enhance the delivery of our service.
  • Customer, proposal and pricing data must be stored by GoProposal, but credit cards details are stored by PCI compliant service partners. See below.

 

Financial Security

  • Credit card details are never stored by GoProposal. Credit cards are transmitted directly to our payment providers over SSL connections and are not logged or stored in GoProposal systems.
  • Subscription payments are processed by Stripe, a PCI-DSS Level 1 compliant service provider.

 

Password Security

  • To maximise your safety, GoProposal recommend your password be at least 10 characters with a mixture of letters, numbers and punctuation characters.
  • We recommend that the password you use for GoProposal is unique and not used for any other web sites. A password manager such as LastPass is recommended to manage your passwords.
  • No plain text admin passwords are stored at any time.
  • You can also activate 2 Factor Authentication (2FA) for access to the admin area of your account. 2FA lets you implement strong account security, protects your account against unauthorized access and is SOC2 compliant for security, as audited by the American Institute of CPAs.
  • We also have a 10 attempt limit across admin passwords to prevent any malicious attacks.
  • If your app is inactive for a period of 24 hours, then you will be automatically logged out.

 

Vulnerability Management

  • Software libraries used by GoProposal are actively kept up to date. Any security fixes or patches are treated as top priority and are applied as quickly as possible.