OnVoard console platform and api endpoints runs completely on HTTPS. HTTP request will be 301 redirected to HTTPS.
How are passwords handled?
Passwords are one-way encrypted using PBKDF2 algorithm with SHA256 hash.
How are third party credentials handled?
For some services like "triggers", we may need to store third party credentials (like api keys for Cliniko). OnVoard takes appropriate measures by encrypting these credentials before storing it in our database. Credentials will be retrieved and decrypted on-the-fly when required.
How do you process credit card payments?
We use stripe as our payment processor. OnVoard do not store any credit card information.
Where are your servers hosted?
US region of Google Cloud.
We backup our database daily on a different cloud provider. Data are encrypted before it is transferred to backup storage.