Security and Compliance represent key aspects of any product your team uses. ListAlpha is committed to securing access to your data, eliminating systems vulnerabilities and ensuring continuity of access.
GDPR / CCPA
ListAlpha is designed to comply with all requirements stated by the GDPR and the CCPA.
ListAlpha is a UK registered company and is registered with the UK Information Commissioner's Office.
Where possible ListAlpha makes tools available to our customers to allow them to meet their obligations to such legislation inside the platform.
ListAlpha uses Stripe to handle payment and card information, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 Service Provider. This represents the most stringent level of certification available in the payments industry.
ListAlpha does not typically receive credit card data, making it compliant with Payment Card Industry Data Security Standards (PCI DSS) in most cases.
ListAlpha itself is not designed for the storage of PCI protected data and customers should ensure that they do not use the system in such a way that requires the storage of credit card information.
Business Continuity and Disaster Recovery
ListAlpha platform uses automatically provisioned, redundant AWS servers to protect against failure. Server instances are regularly taken in and out of operation throughout the day as part of our routine operation without affecting availability.
ListAlpha keeps regular daily and weekly backups of data in multiple geographic locations on AWS. All backups are stored in an encrypted form. In the case of platform-wide production data loss we are able to restore data from these backups. We regularly test our ability to restore our infrastructure from the backups we maintain. We routinely verify the integrity of the backups that we hold.
ListAlpha primarily serves traffic from a single geographic region spread across multiple availability zones. In the unlikely event of a prolonged regional outage we maintain a documented procedure for provisioning our deployment environment in a separate region. ListAlpha has an extensively documented Incident Response process that includes documented procedures for Business Continuity and Disaster Recovery.
Temporary Passcode Login
ListAlpha provides users with the ability to sign in using temporary passwords. Temporary passwords are valid for one hour after they are issued and have several automated defences against brute force attacks.
ListAlpha provides the option for users to add an additional layer of security to their account using Time-base One Time Passwords (TOTP). Once enabled Two-Factor Authentication applies to all authentication methods including Single Sign-On.
Sign In with Google
ListAlpha allows users to login using their Google or GSuite for Business account. ListAlpha participates in the Google Security Assessment program meaning our Sign In with Google flow is assessed for Security and Privacy annually by a Google nominated third-party auditor
Uptime and durability
We conduct rigorous penetration tests with world-class independent security consulting firms.
We save backups for 90 days to ensure your data is safe and secure, and store them redundantly across multiple availability zones.
Any access to customer data in cases when customers need our assistance is exhaustively logged and audited.