Security and Data Protection Details
As the market leaders for online room booking software, with millions of bookings added to date, we are fully registered with the Data Protection Act under number ZA009035, Cyber Essentials certified and take all necessary steps to ensure your data is handled and processed securely.
Data we store
We only store data relevant to providing online room booking:
- User Data: username, name, email, department, hashed password (irreversible)
- Booking Data: date/time, room, booking notes entered with booking
- Room Data: name, category
- Timetable Data: day of week, time, subject, class name, teacher name
Uptime is of critical importance to us. We use load balanced servers with automatic failover operating at below half capacity. In addition all servers are behind redundant hardware firewalls. This means even if one of our servers was to completely fail, another would seamlessly take over. Therefore your data is synced in real time over two live servers.
Our selected UK data centre (UKFast.co.uk) is ISO 27001 & ISO 9001 accredited and ranks amongst the very best in the industry. Security staff 24/7, extensive CCTV covering the building and each aisle, intruder alarms, proximity card readers and perimeter prison fencing maintain a physical security layer to our servers.
We apply the latest patches to our servers keeping your data safe and secure with multiple levels of password protection - the servers themselves and the database each are password protected. The managed hosting provider performs annual penetration testing and monitors our firewalls for any unauthorised activity and would immediately inform us should anything happen which we'd in turn pass onto our customers. This has not happened to date.
Our employees have access to the data - we're a small team that's been providing hosted software to schools for over 10 years. As we use managed hosting providers, the qualified engineers also have access to the data and they pass the advanced CRB check.
We take hourly offsite backups of your data to another EU based data centre in the event of a catastrophic (and very unlikely) data centre failure. These are encrypted using the AES 256 bit algorithm which is the same level used by governments. If you chose to remove your data from the system, this would be removed from the live database but would exist in our backups until they've fully rolled over. We maintain around 2 months worth of backups.