Your data and security
All communication with our servers is done via a secure HTTP connection (128-bit SSL), the same technology used by your bank to encrypt communications with their website. All passwords and any personally identifiable data – for example: your name, your company name and your company address – are stored on disk (in our database) using industry-standard encryption algorithms, and our staff nor any would-be attacker have any reasonable mechanism by which to decrypt them without you first providing your password.
For our bank feeds functionality, we use the biggest third-party banking data provider (used globally by thousands of accountancy software applications) and we don’t store or hold any details such as bank account numbers or login details on our own servers.
Pandle also gives you the option to delete all of your data at any time you choose via your company settings, at which time the application will securely erase all details of your company and its data from our systems.
We take regular automated and encrypted backups of all data stored on our servers and then transport those backups securely to data centres around the globe.
The security of our software and your information is one of our top concerns. Pandle is developed by a government-endorsed, Cyber Essentials accredited company, with strict controls and measures for how information security is handled by our development team.
The software itself is developed using languages and frameworks that are in active development and have regular security updates provided. In addition, the languages and frameworks we use safeguard us against common types of web-based attacks by default, and are the same technologies used by Google and other popular web applications.
Our development team receive training on how to write secure code, and we have a code review process that involves at least one other team member reviewing code written by another before it even makes it on to our testing platforms. We also use static analysis tools such as Code Climate that help to identify any common vulnerabilities before they ever make it on to a production server.
We use a mixture of Google Cloud and Digital Ocean servers to host Pandle and its associated services, to remove any reliance on one single provider. We’re also extremely proud of our reliability record. We've encountered only one occurrence of unplanned downtime since we launched Pandle, with the issue being resolved within six hours.
Our application maintains extremely detailed audit logs of who has accessed our systems and servers, and we proactively monitor these audit logs and alerts to identify and stop any would-be intruder. We also have a number of automated systems that will automatically block any malicious attacker should the system detect any suspicious activity.