1. Our commitment to security
Outfield is a web and mobile cloud application used worldwide by enterprises, teams, and individuals to improve their outside sales and field marketing operations. Outfield utilizes security best practices and manages application security so our customers can concentrate on their business. Here at Outfield, we are committed to inspiring trust and protecting the privacy of our customers’ data. It is this commitment that motivates our decision-making every day, and our team holds this responsibility in the highest regard.
2. Data security practices
Each organization on the Outfield platform is segregated from other organizations and cannot interact with other organizations or users in other areas of the application. This restrictive system is designed to prevent security and privacy issues. Customer data may be further segregated into an independent database or an independent environment at an additional cost. Customer data is stored in a Postgres database, and we utilize industry-leading security practices such as 2048-bit Industry Standard SSL, encrypted passwords, and token-based authentication for the API (used by the Outfield mobile apps to access the data). Customized data security options are also available via an Outfield SaaS agreement upon request.
3. Data centers
Outfield’s physical infrastructure is maintained by Heroku, which utilizes Amazon’s secure data centers and the Amazon Web Services (AWS) technology. Heroku and Amazon continually manage risk and undergo recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
For additional information on Heroku security see: https://www.heroku.com/policy/security
All applicable data transferred to and from the Outfield platform is encrypted using industry-leading security standards. Outfield uses a 2048-bit Industry Standard SSL Certificate with 99.9% browser compatibility and 128/256-bit encryption. Outfield also uses PCI-compliant payment processor Stripe for encrypting and processing credit card payments. Outfield’s infrastructure provider is PCI Level 1 compliant. Passwords are also encrypted and thus the password itself is not stored.
Application data is automatically backed up as part of the deployment process on secure, access-controlled, and redundant storage. These backups are used to automatically bring the application back online in the event of an outage. Customer data in the database uses Continuous Protection to keep data safe. Every change to your data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. In the unlikely event of unrecoverable hardware failure, these logs can be automatically 'replayed' to recover the database to within seconds of its last known state. We also provide you with the ability to back up your database to meet your own backup and data retention requirements.
6. Additional information
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new European privacy regulation which replaces the EU Data Protection Directive called Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. We are big fans of GDPR here at Outfield because we think it gives individuals important rights over their data. Outfield is committed to always operating in the best interests of our customers, and this includes compliance with GDPR. Outfield's policy regarding GDPR compliance can be viewed at https://www.outfieldapp.com/gdpr
If you have any questions or feedback, please reach out to our support team by email at firstname.lastname@example.org.