Your data and security
All communication with our servers is done via a secure HTTPS connection (128-bit SSL), the same technology used by your bank to encrypt communications with their website. All passwords and any personally identifiable data – for example: your name, your company name and your company address – are stored on disk (in our database) using industry-standard encryption algorithms, and neither our staff nor any would-be attacker has any reasonable mechanism by which to decrypt them without you first providing your password.
For our bank feeds functionality, we use the biggest third-party banking data provider (used globally by thousands of accountancy software applications) and we don’t store or hold any details such as bank account numbers or login details on our own servers.
We take regular automated and encrypted backups of all data stored on our servers and then transport those backups securely to Google's secure UK data centres.
The security of our software and your information is one of our top concerns. Pandle is developed by a government-endorsed, Cyber Essentials accredited company, with strict controls and measures for how information security is handled by our development team.
The software itself is developed using languages and frameworks that are in active development and have regular security updates provided. In addition, the languages and frameworks we use safeguard us against common types of web-based attacks by default, and are the same technologies used by Google and other popular web applications.
Our development team receive training on how to write secure code, and we have a code review process that involves at least one other team member reviewing code written by another before it even makes it on to our testing platforms. We also use static analysis tools such as Code Climate that help to identify any common vulnerabilities before they ever make it on to a production server.
We use Google Cloud servers to host Pandle and its associated services, and all data is stored in Google's UK data centres. We’re also extremely proud of our reliability and excellent uptime record.
Our application maintains extremely detailed audit logs of who has accessed our systems and servers, and we proactively monitor these audit logs and alerts to identify and stop any would-be intruder. We also have a number of automated systems that will block any malicious attacker should they detect any suspicious activity.