We aim to be clear and open about the way we handle security at Simple Tuition Solutions.
Data is sent using HTTPS
All data in transit between you and us is encrypted and sent using HTTPS. Any files which you upload to us are stored and are encrypted at rest.
All data is written to multiple disks and is backed up daily. Backups of data are encrypted using GPG. We have well-tested backup and restoration procedures, which allow us to recover from a disaster. Backups are frequently tested to confirm that our processes work as expected.
All of our application and data infrastructure is hosted on Amazon Web Services (AWS). Network access is restricted by firewalls and is carefully monitored.
Our software is regularly updated with the latest security patches.
We submit a self assessment (SAQ A 3.2) for PCI compliance, which is good for one year each time. A copy of our PCI compliance certificate is available upon request as well as the results of our latest vulnerability scan. We use a third party to process credit card information securely.
STS itself has not completed a SOC audit. Copies of the SOC reports for the data centers we use are available upon request.
All sensitive information and passwords are one-way encrypted at rest using industry best practices and are filtered from our logs. Access to certain pieces of personally identifiable information is restricted to authorized employees.
Still have questions?
If you have any additional questions or concerns regarding security, we are happy to answer them. Please contact us at firstname.lastname@example.org.