We keep your data safe
ShiftPlanning is compliant with the US/EU Safe Harbor program and we oblige to provide our users with high security and privacy standards recognized by the US./EU Safe Harbor principles.
We Self-Certify Compliance with:
ShiftPlanning provides an optional Secure
Socket Layer (SSL) to access accounts.
This provides 256 bit encryption between client computers and our servers. In layman terms this is the same level of protection that online banks use throughout the world and is also military grade. So rest assured we have you covered in that area as well!
The Secure Socket Layer (SSL) encryption ensures that all communication channels between ShiftPlanning and you are safeguarded and private.
ShiftPlanning’s data center is located on the Softlayer’s N7 node in Dallas, Texas and it is monitored 24/7 to ensure that the servers are always safe and your data always available. We perform an hourly offsite backup that can be restored within minutes ensuring that account data is never lost.
We go through great lengths to ensure that our data centre security is up to the highest standards. Our strict security protocols have undergone a comprehensive SOC 2 certification audit.
Our data centre is protected against any unauthorised physical and logical access and our system processing is complete, accurate, timely and authorised. All your confidential data is protected and all information collected in our data centre is private. The SOC 2 certification was the next logical step forward after the previously used SSAE 16 and SAS 70 Type II, Tier 4. We opted for the SOC 2 in order to meet the needs of a broad range of ShiftPlanning users and assure them that we have the best security systems in place to safeguard their data and information.
It’s YOUR data
Download at any time
To give clients complete peace of mind, up-to-date account information can be downloaded from ShiftPlanning at anytime.
The app offers robust account settings and permissions to ensure that employees and managers only have access to the data to which they are privy.
ShiftPlanning takes pride in its server reliability and we boast an uptime track record of +99.9%. We are dedicated to providing the best quality of service to our users and making their company data available at all times.
We are commited to providing the highest level of service and operational transparency, and our users can check on uptime anytime through our ‘Status Dashboard’ at status.shiftplanning.com. This record includes both scheduled maintenance which we post to our announcements forum and unscheduled downtime.
During a downtime, our status page will be updated in real-time with the latest updates. We also tweet updates in realtime from our Twitter account.
Frequently asked questions
Where is all the data stored?
All the data is securely stored at the ShiftPlanning data center located in Dallas, Texas. The data center is monitored 24/7 to ensure that the servers are always safe and your data always available.
What type of security measures do you have in place?
The ShiftPlanning data centre has undergone a comprehensive SOC 2 certification audit and all communications between users and the server use the Secure Socket Layer (SSL) 265 bit encryption to keep your data safe and private.
We are not forcing all data to be encrypted, just some parts involving authentication, authorisation and payments. However, there is an option in our administration panel for each client to force the Secure Socket Layer (SSL) 265 bit encryption for everything regarding clients data.
What security/privacy certificates do you comply with?
How do you handle customer data?
Clients data is accessible on a “Need To Know” base by ShiftPlanning employees. Apart from it, every ShiftPlanning employee has the NDA signed with company.
What will the data be used for?
Data is used only for uninterrupted/optimal functioning of ShiftPlanning web application.
Do you perform data backups? If yes how often?
To ensure that your data is always safe, we perform an hourly offsite backup that can be restored within minutes and we also perform a full daily backup.
Will our phone numbers, emails, employee ID’s and other relevant company data be safe with you and not shared with a 3rd party?
Under no circumstances shall ShiftPlanning knowingly share any client data with any 3rd party.
If your environment handles credit card transactions, are you PCI compliant?
Our payment processing procedure, currently handled through Paypal is 100% PCI compliant.
Are ShiftPlanning servers always available or do you have any scheduled or unscheduled downtime for maintenance?
ShiftPlanning boasts an impressive uptime track record of +99.9% for server availability. Users can check on uptime anytime through our Status Dashboard to receive real time updates.
This record includes both scheduled maintenance which we post to our announcements forum and unscheduled downtime. During a downtime, our status page will be updated in real-time with the latest updates. We also tweet updates in real-time from our Twitter account @shiftplanning during scheduled or unscheduled downtime.
Do you have any business continuity and disaster recovery plans?
We have all the relevant data stored on an AWS (Amazon Web Service) cloud for timely disaster recovery in any data center anywhere in the world. Our disaster recovery plan is confidential.
What is your estimated time for resumption of service in the event of a catastrophic event at that data center? Is this contractually guaranteed?
Estimated time for resuming normal operations is up to 12 hours. There are no special contractual guarantees for it.
Can you provide immediate notification to users on all security breaches?
Although we don’t have a defined policy for such events, we are always working in the best interests of our clients. If there is any data breach, clients will be notified immediately after discovery.
Do you have any automatic security measures integrated to prevent any misuse of user accounts at the workplace?
The automatic timeout feature will put all the ShiftPlanning at ease, as it will automatically log out any user after a period of time that you choose to set in your admin settings. This ensures that user accounts are safe even if the user leaves the computer with their account still logged on.