Security

Protecting Your Data Is Our Top Priority

We keep your documents and data secure with state-of-the-art systems and security practices.

Secure by design

Doc Collect Hub has been designed from the ground up to be extremely secure.

Your documents and data are encrypted in transit and at rest to ensure maximum security. We also follow security best practices and guidelines to guarantee that we maintain a best-in-class standard.

People

  • All freelancers and employees are required to sign confidentiality agreements and follow our cybersecurity policy.
  • Our cybersecurity policy is reviewed every quarter and our team is trained on security regularly.
  • We enforce several device management policies, including locking the screen when leaving the desk, password strength and rotation, remote lock, and disk encryption.
  • All freelancers and employees are required to report all suspected and actual IT security incidents.
  • Freelancers and employees don’t have access to user data by default. Exceptions are made for customer support purposes.

Infrastructure

  • We have our own infrastructure which is hosted in Teraco’s fully PCI DSS-compliant data center with NAPAfrica’s layer 2 Internet eXchange (IX) points.
  • Teraco is based in Isando, South Africa and they implement robust physical security mechanisms to protect our infrastructure.
  • Our networking infrastructure, including DNS servers, load balancers, routers, etc., is also located in the data center.
  • Access to our network is controlled strictly using VPNs with IP whitelisting and network access control lists (ACLs). All communication is done via end-to-end HTTPS encryption.
  • All outbound and inbound network traffic is monitored and controlled using IP whitelisting and firewalls.
  • We use industry-standard solutions to mitigate the risk of Distributed Denial of Service (DDoS) attacks.
  • We use various solutions to monitor our platform’s performance proactively and log errors in our service.
  • We use separate environments for production, development, and UAT.

Application security

  • We follow OWASP security best practices to protect our system.
  • We strictly control who has access to our source code.
  • We restrict access to production data to authorized staff members only and protect it with IP whitelisting, VPN access, and 2FA.
  • We review our code regularly for security vulnerabilities.
  • We monitor and update our dependencies to ensure none of them have known vulnerabilities.

Data

  • Your documents are hosted and your data is stored in South Africa.
  • All user data is encrypted at rest using AES 256-bit encryption algorithms.
  • All data received by or sent from our system is encrypted in transit with Transport Layer Security (TLS 1.2).
  • We anonymize data and don’t transmit sensitive data to our sub-processors.

Compliance

The Protection of Personal Information Act, also known as POPIA or the POPI Act, came into effect in South Africa in 2021. The POPI Act defines the minimum standards for processing and accessing personal information that belongs to another.

At Doc Collect Hub, data privacy is one of our main priorities. We therefore ensure that we are fully compliant with the POPIA regulation.