Wagestream Trust Centre
At Wagestream we take the security, privacy and welfare of your data incredibly seriously. Our Trust Centre is designed to give you an overview of the controls and measures we have in place to safeguard your data.
Platform and Network Security
We perform rigorous security testing including, but not limited to:
- Third-party application and network penetration tests, performed by Cobalt.io against our entire product suite with GIAC, OSCP, CEH, and CISSP certified testers.
- Nightly vulnerability scans against our application and network by Qualys.
- We have Automated Threat Detection (AWS Guard Duty), Web Application Firewalls (AWS WaF), and DDoS protection in place (AWS Shield).
- We use Amazon Systems Manager to automatically update and patch our infrastructure.
Storage of Data
- Data is stored, encrypted at rest using a minimum of a 256 bit key via AWS KMS.
- UK & EU customer data is stored within the AWS London (eu-west-2) data centre.
- US customer is stored within the AWS North Virginia (us-west-1) data centre.
- Backup retention is 35 days, some data retained for longer under Money Laundering regulations.
- Physical and electronic material is destroyed using ADISA certified 3rd parties.
- We have an active asset register.
- We use an MDM and fleet management solution (Microsoft InTune) to manage all our devices.
- We use CrowdStrike.com for endpoint security, next generation antivirus and malware protection.
- We leverage multiple DLP strategies using CrowdStrike, Google Vault and more.
- All access to customer data is limited to a need-to-know basis, only via encrypted links, VPNs. Access is fully auditable.
- We use Automox.com to handle patching of our operating systems and 3rd party software.
- We are CyberEssentials Plus certified (IASME-CEP-001478).
- All transfer of data is performed over either HTTPS (TLS >= 1.2) or Secure FTP with no less than a 2048 bit using public key authentication.
Security Best Practices
- All user passwords are salted and hashed with the scrypt algorithm
- All sensitive banking data (i.e. bank account), is further encrypted via AES256.
- Multi-factor authentication is active, and Single Sign-on (SSO) is used to cascade access across multiple services where possible.
Compliance & Governance
- All data centres are readily compliant with ISO27001, SOC-1,2,3 PCI-DSS L1 and more.
- We are registered with the FCA, as an EMD Agent (902046)
- We are registered with the ICO under the UK Data Protection Act (ZA421647).
- All staff complete the NCSC cyber awareness training
- All staff are ID&V and DBS checked, key staff are additional run through an adverse credit check facility.