We ensure that our security approaches are in line with specific standards, laws and regulations.
We know that security and privacy are important to you and your clients. That's why we put all our effort into ensuring your information stays safe with us.
Our Information Security Management System has been certified by NQA against the provisions of ISO/IEC 27001:2013.
GDPR Compliance: Data Protection & Privacy
In all our operations, we ensure that your privacy and personal data are secured. Check our GDPR Compliance Statement, which includes detailed information explaining how we are GDPR compliant.
Secure Data Transmission
The privacy of all internet communication between users, clients and our system is secured by TLS 1.2, which is one of the strongest protocols available today.
In order to be HIPAA compliant, we have implemented the Accountable HIPAA Compliance Software, adjusted for Business Associates when providing our services to healthcare providers.
As part of our legal responsibilities under the HIPAA Rules, we identify risk areas, develop policies and procedures, conclude Business Associate Agreements, train our staff and ensure that PHI is always protected. Some of our measures include:
- Access to PHI restricted;
- Idle time logouts;
- Adjusted corresponding email and SMS booking notifications.
We constantly monitor our network against any potential threats, including data breaches, adware, hackers, pop-ups and phishing attempts. Historically, our uptime has been around 99.9%, which corresponds with our goal of providing you with a trustworthy business partner.
Trusted data centers
SimplyBook.me hosts its servers with three reputable data centers, in Canada, France and Singapore. Those three hosting companies have 24/7 security personnel on site, a security badge control system, video surveillance with badge entrance into their buildings, and strict access control, making them extremely hard to break into. The hosting centers meet the R82 and R81 APSAD standards and work according to ISO 27001 standards.
Security by Design
We develop and maintain our system according to SDL principles, defining key security risks before each project change and implementing relevant security controls to address these risks. We do our best to protect the system against known vulnerabilities (SQL injection, XSS, CSRF attacks, etc.) by implementing SaaS companies' best security assurance measures.
SimplyBook.me does not store any credit card information, whether you are paying your subscription fee to SimplyBook.me, paying your recurring subscription fee, or your clients are paying for your services on your booking page. Your payments are all processed by external and secure PCI DSS compliant parties such as PayPal, CardConnect, Stripe, Borgun and more. This means that your payment is always 100% safe (or at least as safe as it gets with these providers) and your payment data remains confidential.
Your data within SimplyBook.me is backed up every single day and stored on a secure server using encrypted data transfer in different locations to avoid any potential data loss or corruption. We verify our backup procedures regularly to make sure we provide you with the most secure performance.
Protecting Personal Data
SimplyBook.me is designed to closely control what level of access our support personnel need and to restrict any excess access. Every member of our staff who may access data is required to sign an NDA and is obliged to turn in a criminal record certificate. Relevant data is only visible to relevant people, as defined by role-based authorization.