Enterprise-ready application hosting

Peoplewave software is deployed on DigitalOcean, an infrastructure-as-a-service cloud platform used by organisations of all sizes to deploy and operate applications throughout the world. DigitalOcean uses commercial data centre providers to house its infrastructure, including Equinix, Digital Realty Trust-owned Telx, TelecityGroup, and Interxion, with 13 total locations in Singapore, New York, San Francisco, Amsterdam, London, Frankfurt, Toronto and Bangalore.

DigitalOcean has comprehensive security implementations and also meets all the major compliance frameworks, as can be seen from their documentation.

International certification

As part of our practice to safeguard your information, we follow internationally recognised policies and procedures. Specifically, we currently deploy Peoplewave applications in the Singapore data centre, which is compliant with the following certifications:

  • ISO/IEC 27001:2013 (ISO 27001 is a globally recognised information security standard.)
  • SOC 1 Type II
  • SOC 2 Type II

Strong data protection and encryption

We take the protection and safeguarding of your data very seriously.

  • SSL & Encryption

    All traffic between our clients and Peoplewave servers is encrypted through SSL. SSL certificates are created using RSA- and DSA-based ciphers.

  • 3rd Party Access to Data

    We don’t sell data to any 3rd parties so your data is safe with Peoplewave.

  • Credit card data

    Peoplewave uses a third-party credit card solution, Stripe, and all information is encrypted between the client and the Stripe servers. Peoplewave does not store credit card data. All credit card information is stored on Stripe, which is a validated Level 1 PCI DSS Compliant Service Provider. To validate this, please review here. Stripe employs comprehensive security protocols, which can be reviewed here.

  • Passwords

    Passwords are stored hashed and never logged, stored or transmitted as plain text.

  • Access control

    Only authorised Peoplewave employees are given access to the resources that are required for their role, following the principle of least privilege. Authentication to access these resources is always password-based and login credentials are always transmitted encrypted, over HTTPS.

Maximum security

Our infrastructure is designed for maximum security to safeguard your data against unlikely risks.

  • External security testing

    We work with HackerOne to test Peoplewave for vulnerabilities and ensure any faults are identified as quickly as possible. HackerOne works with many other security-conscious companies like GM, Spotify, Starbucks and Airbnb.

  • Disaster Recovery

    DigitalOcean utilises disaster recovery facilities that are geographically remote from their primary data centres in the event that production facilities at the primary data centres are rendered unavailable. Peoplewave also has a hot-standby follower database should the primary database be inaccessible for any reason.

We’re always on 24/7

We’ve planned a framework for maximum efficiency and minimum downtime.

  • Uptime

    We guarantee 99.8% uptime averaged over one month (excluding scheduled maintenance).

  • Scheduled Maintenance

    We are continuously updating Peoplewave software to provide excellent products and a great experience for our users. Most updates take place with no downtime at all. In cases where some downtime is required, we keep it to an absolute minimum, typically between 10 and 20 minutes. Any scheduled downtime is announced at least one business day in advance and is scheduled during off-peak hours, typically Sunday evenings. All incidents and scheduled downtime are announced on our Status Page, where users can subscribe for live email or SMS updates.

  • Backup process and data retention policy

    DigitalOcean automates the backup process and we keep full daily backups of Peoplewave data for the last 50 days. DigitalOcean also maintains a transaction log of the last 7 days.

We protect your privacy and data in the EU and worldwide

Peoplewave takes the privacy of people’s data very seriously and to that end, has a comprehensive Privacy Policy which complies with the data protection laws of all countries within which we operate, any EU country and to the extent applicable, the data protection or privacy laws of any other country. Review here to see this policy.

  • EU Data Protection

    Companies in the EU can use Peoplewave with confidence as we adhere to all the necessary data protection regulations.

    Peoplewave does not store Personal Information any longer than necessary. Specifically, this means that the Personal Information is removed from our system within a set time after a user is deactivated (access to Peoplewave is cancelled) by the employer.

    • At all times, you are entitled to revoke your consent with regard to the processing of Personal Information by Peoplewave, to inspect and correct the processed Personal Information, and to the erasure and transfer of the Personal Information processed or stored by Peoplewave.
    • Peoplewave only shares personal information with appointed sub-contractors if this is necessary for Peoplewave's services, when there is a legal obligation, or when Peoplewave is specifically requested to do so by the customer (the employer). Peoplewave does not pass on personal data to parties other than DigitalOcean, Intercom, Metabase, Mandrill, Sentry, Mixpanel and does not pass on personal data to a country outside the EU.
  • Worldwide data protection

    • See Peoplewave’s Privacy Policy here. In order to use Peoplewave, all users, no matter what role they have, will have to accept our Privacy Policy. We will keep track of what version of the app the user uses and when they have accepted the Privacy Policy. If a user has not accepted the Privacy Policy, he or she will not be able to log in to Peoplewave. If a user gets archived, he or she will be anonymised after 18 months. All personal data of this user (name, email, phone number, pictures, profile description, social media links) will no longer be visible to the company.
    • Right to be forgotten: If a user wishes to be deleted, we are required to honour their request and delete his/her account and all data.
