Your data and security
In order to comply with GDPR, all communication with our servers takes place via a secure HTTPS connection (128-bit SSL). It is the same technology used by your bank to encrypt communications within their website.
All passwords and any personally identifiable data, such as your name, company name, or company address – are stored on disk (in our database) using industry-standard encryption algorithms.
Neither our staff nor any would-be attacker has any reasonable mechanism by which to decrypt your data without you providing your password.
For our bank feeds feature, we use the biggest third-party banking data provider (used globally by thousands of accountancy software applications) and we don’t store or hold any details such as bank account numbers or login details on our own servers.
We take regular automated and encrypted backups of all data stored on our servers and then transport those backups securely to Google's secure UK data centres.
The security of our software and your information is one of our top concerns. Pandle is developed by a government-endorsed, Cyber Essentials accredited company, with strict controls and measures for how information security is handled by our development team.
The software itself is developed using languages and frameworks that are in active development and have regular security updates provided. In addition, the languages and frameworks we use to safeguard ourselves against common web-based attacks by default are the same technologies used by Google and other popular web applications.
Our development team receive training on how to write secure code, and we have a code review process that involves at least one other team member reviewing code written by another before it even makes it on to our testing platforms. We also use static analysis tools such as Code Climate that help to identify any common vulnerabilities before they ever make it on to a production server.
We use Google Cloud servers to host Pandle and its associated services, and all data is stored in Google's UK data centres. We’re also extremely proud of our reliability and excellent uptime record.
Our application maintains extremely detailed audit logs of who has accessed our systems and servers, and we proactively monitor these audit logs and alerts to identify and stop any would-be intruder. We also have a number of automated systems that will automatically block any malicious attacker should the system detect any suspicious activity.