Security is vital - we're on it

We take the security of your data extremely seriously - here's what we do about it.
Data and system security is primarily covered in our Terms of Use, Privacy Policy and Acceptable Use Policy. This page provides additional detail.
- Our primary host is Google Cloud Platform - one of the most secure and reliable cloud providers in the world.
- We perform regular security scans using an independent, third-party vulnerability scanner.
- We use automated code analysis systems to highlight any potential security threats and vulnerabilities.
- Website data is always sent over a secure connection using 128-bit SSL encryption (the same level of encryption used by leading websites).
- Passwords are stored encrypted - hashed with salt using a strong hashing algorithm.
- Our system uses several layers of encryption to protect customer data at rest.
- Strict data access policies are applied to our personnel, along with many other good security practices.
- Data is backed up frequently and stored securely on Google’s servers, with point-in-time recovery.
- Enforce your own password policy with SSO-only mode (single sign-on).

Hosting
- Resource Guru is primarily hosted on Google Cloud Platform in the United States - offering a highly secure, reliable and resilient environment. Systems automatically restart when they fail and automatically scale up when necessary.
- The Google security model is an end-to-end process, built on over 15 years of experience focused on keeping customers safe on Google applications like Gmail and Google Apps. With Google Cloud Platform our app and data take advantage of the same security model. Learn more about Google Cloud Platform security.
- Google Compute Engine has completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications, demonstrating their commitment to information security (many Google customers use SOC 1 as an integral part of their Sarbanes-Oxley efforts and other security and compliance initiatives). Learn more about Google’s compliance certifications.

Data transmission, storage and backups
- User data is always sent over a secure connection using 128-bit SSL encryption (the same level of encryption used by leading websites).
- By default, Google Compute Engine encrypts all data at rest.
- The servers on which we store personal data, and the teams that process it, are all located within the USA, the European Economic Area (“EEA”) and South Africa.
- Our data is backed up onto encrypted, redundant block storage across multiple availability zones in our data centre using a method that allows us to perform a point-in-time recovery to any time of the day.
- It is our standard policy that we will never examine customer data unless it is absolutely necessary for technical reasons. Furthermore, personnel are not able to log into customer accounts via any user interface and, if access is ever needed to troubleshoot an issue, we will first gain consent from the relevant customer. At that point, customers are welcome to refuse. There is no other user interface available to us apart from raw data in the database, which is restricted to authorized persons who only have access to the extent necessary to perform their duties.
- Any customer data accessed by authorized persons in the performance of their duties is transferred over a secure connection and stored on encrypted hard drives.

General security
- Resource Guru has been designed to protect against common web attacks and our systems are kept up to date with the latest software versions and security patches.
- We perform regular security scans using an independent, third-party vulnerability scanner.
- Google intrusion detection involves tightly controlling the size and make-up of Google’s attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.
- The app has a multi-tenant architecture which ensures that any data retrieved for a user during their session is scoped only to the account they belong to.
- Passwords are stored encrypted - hashed with salt using a strong hashing algorithm.
- Resource Guru also features a user permission system to ensure that admins can control which sections of their account users have access to.
- We use automated code analysis systems to highlight any potential security threats and vulnerabilities.

Permissions and access control
- We know that you need to control who has access to your data. That's why we built in some advanced user permissions which allow you to control who has access to the different sections of your account.
- With SSO-only mode (single sign-on), you can centralise access control. When you deprovision someone in your identity provider (IdP), they will automatically lose access to your Resource Guru account. So, only the right people have access to your data.

Data privacy and protection
- We take data privacy and protection extremely seriously. Please see our Privacy Policy for details of how we comply with data protection law. As required by the UK Data Protection Act 1998, Resource Guru is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z3001946.
