Enterprise-grade security.
ShiftTracker runs on UK/EU cloud infrastructure with TLS in transit, encryption at rest, hardened authentication, and role-based access controls, backed by documented incident response. Our hosting provider is independently audited to SOC 2 Type II.
How does ShiftTracker protect customer data?
Security controls include UK/EU cloud infrastructure, encryption at rest, encryption in transit with TLS, hardened authentication (hashed passwords, account lockout, rate limiting), role-based access controls, and documented incident response procedures.
UK/EU Cloud Infrastructure
ShiftTracker runs on UK/EU cloud infrastructure whose provider is independently audited to SOC 2 Type II, supporting data residency requirements.
Encryption at Rest
Data is encrypted at rest by our cloud infrastructure.
TLS in Transit
Data is encrypted in transit using TLS, with HTTPS enforced (HSTS).
Hardened Authentication
Passwords are hashed with bcrypt, repeated failed sign-ins are locked out, and authentication is rate-limited.
Role-Based Access
Role-based access controls restrict data to authorised users within each organisation.
Documented Incident Response
Security incidents follow documented procedures including containment, required notifications, and post-incident review.
Is ShiftTracker GDPR compliant?
ShiftTracker is built to align with UK GDPR and is hosted on UK/EU cloud infrastructure to support data residency and compliance requirements.
| Area | Status | Details |
|---|---|---|
| UK GDPR | Aligned | Built to align with UK GDPR |
| Cloud Infrastructure | Active | UK/EU cloud infrastructure for data residency |
| Hosting Provider | Active | Independently audited to SOC 2 Type II |
| Encryption in Transit | Active | TLS, with HTTPS enforced (HSTS) |
| Encryption at Rest | Active | Provider-managed encryption at rest |
| Access Security | Active | Hashed passwords, account lockout, rate limiting, RBAC |
| Incident Response | Active | Documented procedures with required notification timelines |
Where is ShiftTracker data stored?
ShiftTracker runs on UK/EU cloud infrastructure for performance and data residency. Regular automated backups support disaster recovery.
Need more details?
For security or data protection questions, contact our team and we will share the relevant policy details.