Security

Saasu uses a variety of security systems and procedures in order to protect our clients' privacy and data. The nature of security is such that we can't go into too much detail about what we do, as that would provide information to malicious actors as to how to approach us. So we will list some basic concepts here to give you a feeling for what we get up to:

  • We don't store your card details or your customers'. We encrypt them and pass them on to PCI compliant Payment Gateways, which securely manage them. In Saasu's case we use Mastercard as our Payment Gateway for all card types (Visa, Mastercard and American Express).
  • We engage white hat hackers to find bugs for a fee as part of our Bug Bounty program.
  • Security reviews such as OWASP reconciliations of our systems and procedures.
  • Store your data locally in Australia. We have servers in two separate Sydney (Australia) locations supported by Amazon Web Services.
  • Automatic backups of everything you do every 15 minutes.
  • Secondary backups in another secure location.
  • Saasu has a security audit report for Subscriber File Admins so you can keep an eye on your users' activity. It tracks Machine Address and IP address amongst other things.
  • Offer Two Factor Authentication (2FA) in case you want your users to access Saasu in a more secure way by receiving an SMS to sign in.
  • Engage a local Australian technology company to monitor and upgrade our infrastructure instances with the latest security patches as they arise to reduce the
  • Use of Google Enterprise to create email and file security within our organisation.
  • Follow operating procedures for service, developer and managerial staff to raise awareness and process improvement to prevent social engineering attacks and the like. We also restrict what file types can be opened and viewed at Saasu. We also restrict what can be uploaded into a Saasu file for our customers.
  • We have a variety of bank feed security measures in place.
  • SSL encrypted for secure web traffic.

Deactivation of suspicious accounts

Saasu may deactivate trial or paid accounts where one or more of the following occurs (including but not limited to):

  • Sign-ins via offshore locations not normally associated with Australian businesses.
  • Providing a false name or an abbreviated name as a subscriber.
  • Using email addresses whose domain may be flagged by us as a known security, spamming or phishing risk.
  • Supply of invalid phone numbers as a subscriber.
  • If we suspect a trial is being used against our Terms of Use, such as use as a training tool (without a valid licence to do so), testing other accounting systems or reverse engineering our intellectual property.