SettleIndex was built to handle confidential data. Application security is periodically audited by a third party and client data is completely private.
The application has been audited for security by a CREST certified penetration testing provider. In the latest report, there were no outstanding security issues.
Multi-factor authentication is mandatory on all accounts. We operate email and password authentication, followed by a one-time security code sent via SMS. Users are unable to access accounts without both the password and the security code.
The application was built to handle sensitive and confidential information and we practise privacy by design. Users must take specific steps to share data with other users.
Employees and contractors have no access to client data.
The application scores A+ on the Mozilla Observatory Security Scan.
SettleIndex is a cloud application hosted on infrastructure owned and operated by Amazon Web Services (AWS), providing the highest levels of physical and infrastructure security. AWS is utilised by the US and UK governments and is widely recognised.
All user data is fully encrypted at rest using 256-bit Advanced Encryption Standard (AES-256). We follow industry best practices and widely accepted recommendations to minimise security risks.
Data security is a key part of our application development and is under continuous review. Automated tests run whenever code is updated to ensure that access control and visibility of data cannot be compromised by accident or oversight.
Use of the application is monitored in an anonymised way for the purposes of improving the software. Individual actions within the application are not monitored, with the exception of recording sign-in dates for audit and security purposes.
Data is stored in centres located in London, UK.
SettleIndex is compliant with the EU’s General Data Protection Regulation (GDPR), with a privacy-by-design architecture and clear privacy policies for visitors and users.
The Data Protection Officer (DPO) is Zachary Best. The data controller is SettleIndex Ltd, and Zachary Best is the representative in the EEA. Contact details can be found below.
In accordance with GDPR, data associated with any account can be permanently removed upon request. Data collected by clients with trial accounts is not subject to analysis.