Security of your information is our number one priority. Our company values the trust you have placed in us - and was setup from the day it was founded to be as secure as possible. The most common answer we give is that we store your data, and encrypt it - very similarly to the way your bank does! Your data is always your data, it is always owned by you at all times - we will never use it or share it for any other purpose other than to provide our service to you.
OUR HOSTING PARTNERS
We utilize Amazon Web Services (AWS) (aws.amazon.com) hosting facilities in Montreal, Quebec, Canada for all our database and web hosting infrastructure. This ensures your data stays in Canada at a top-tier facility. You can read more about AWS’s security and infrastructure here:
https://aws.amazon.com/canada/aws-in-canada/
We utilize DigitalOcean’s Toronto data centre for nightly off-site backups. We only transfer fully encrypted backups to this site. This ensures that we have access to your data with two completely separate hosting providers in the case of a disaster.
SECURITY AND SCANNING
We are a paying customer of a security company called Cloudflare (www.cloudflare.com) and utilize their products in front of all of our infrastructure to assist with security and load balancing traffic. They are the market leader in proxied web security – assisting large companies, and accounting for a significant portion of the overall internet traffic globally. None of our infrastructure is publicly accessible, it all must be accessed through Cloudflare, adding a layer of security for our clients.
We utilize a security scanning company called Detectify (www.detectify.com) to perform weekly and monthly security scans of our platform. They are a modern web application security company who assist us in staying on top of the latest security concerns. Again, adding a layer of confidence and trust that our clients know we are staying on top of the latest security concerns.
INSURANCE
We carry $2 million in general commercial liability, and E&0 coverage insurance through an insurance company that specializes in cyber security in Canada. We have specific coverage for:
• Commercial General Liability
• Professional Liability
• Technology Based Services & Products Liability (Cyber 3rd party)
• Information Security and Privacy Liability
• Cyber Security (1st Party)
Upon request, we are happy to provide an insurance certificate naming any client as additionally insured.
DATA PRIVACY
The protection of personal information is critically important to us. One of the reasons our company was founded was because there was not another company in Canada, handling athlete information in the way our clients wanted, so we partnered with our early clients and created the solution.
We consider ourselves an electronic service provider - we do not own any of the data in our systems, and we do not have any rights to the data – the data in our system is always owned by our clients.
We will do everything we can protect that data and we will never use it for any other purpose than to serve our client. We provide self-serve tools that allow you to export and purge your data within our system at any time.
We publish a privacy policy on our website for all our users to read:
https://athletesystems.ca/privacypolicy.pdf
UPTIME / RELIABILITY
We take great pride in providing a platform that is always available, and reliable.
We purchase services from the market leader in uptime, and speed monitoring – a company called Pingdom (www.pingdom.com). We monitor our systems every minute, of every day to ensure they are always accessible for our clients.
We publicly and transparently publish Pingdom’s reports on our site, so you can check it at any time:
http://uptime.athletesystems.ca/
BACKUPS
We take hourly, and daily snapshots of our database. We then back up daily to a off-site location at another data centre on a rotating 7-day schedule.
Thankfully, our redundant environment has never had to be reset using backups in our 20-year history, but the backups are there, and tested regularly in case any issues do arise.
REDUNDANCY AND SCALABILITY
Our infrastructure is designed to be entirely redundant with automatic recovery/failover in place wherever possible. This means at any time, we have multiple web servers, and multiple database servers in a load balanced environment - supporting our clients. If we have a hardware failure in one area,
another device will automatically take over and the transition for our clients will be seamless.
This also allows us to scale our infrastructure as needed – and ensure our servers are as fast and responsive during your quiet periods, as they are when it is the busy season.
Please don’t hesitate to talk to us and give us a heads up when you expect large number of users to be accessing the systems and we’ll ensure our infrastructure is in place to handle it with ease.
ENCRYPTION
We always enforce SSL encryption for users of our platform. This means the information that is transmitted between your computer/phone and our servers is always encrypted. This is the same way your bank encrypts that information.
All our servers (web and database) employ full-disk encryption, meaning the contents of their hard drivers are always encrypted.
We work diligently to ensure your data is always encrypted at rest and in transit.
CONTRACTS AND AGREEMENTS
We utilize a master agreement, with a separate statement of work. A common legal agreement structure in the software industry. We are happy to provide a first draft of an agreement with us – and are open to adjustments as we understand that each client operates in a slightly different environment.
We prefer multi-year agreement. We are looking for long-term stable relationships which allow us to grow and continually improve our service to our clients.
Questions?
If you have any additional privacy, security or technical related questions - please don't hesitate to reach out to our team (support@athletesystems.ca) for a detailed response.