Frequently Asked Question


How secure is the data?

At Tell Touch, the security of consumer data is paramount, and we have built our systems from the ground up with this focus.

Below are some of the key security measures we have implemented:

  1. Data Protection and Encryption:
    • Data Encryption: All data is encrypted in transit using HTTPS with SSL certificates from Let's Encrypt and over WireGuard with 256-bit ChaCha20-Poly1305 encryption. Data at rest is secured using PostgreSQL’s Transparent Data Encryption (TDE) and Linux LUKS block storage encryption.
    • Secure Data Handling: All data is treated as "Protected Health Information" and is subject to rigorous security controls to comply with the Australian Privacy Principles and HIPAA requirements.
  2. Server and Infrastructure Security:
    • Data Center: Our servers are hosted in Equinix facilities in Sydney, which are also used by Australia's largest banks, ensuring top-tier physical and environmental security.
    • Server Management: Managed and maintained by Fly.io, our servers are SOC2 Type I compliant and have controls in place for HIPAA compliance.
  3. Application Security:
    • Development Practices: Our backend is developed in Ruby on Rails using a PostgreSQL database, known for its robustness and security.
    • SSL Pinning: Implemented in our apps to prevent Man-in-the-Middle (MITM) attacks, enhancing the security of data in transit.
    • Instance Isolation: Each organization receives a dedicated instance of the "dashboard," ensuring that no data is stored alongside other organizations’ data.
  4. Regular Security Audits and Penetration Testing:
    We conduct annual security audits and penetration testing to proactively identify and rectify potential vulnerabilities, maintaining strong defenses against evolving threats.
  5. Data Handling and Backup:
    • Data Removal: After feedback is sent, all data is completely removed from the kiosk app, and only necessary demographic data is retained on the mobile app for ease of future submissions.
    • Routine Backups: Data is routinely backed up to ensure that we can quickly restore services and data integrity in the event of an incident.
  6. Compliance and Legal Adherence:
    Our security design respects the "Australian Privacy Principles" as part of the Australian Privacy Act, ensuring compliance with national standards.
  7. Employee Training and Access Control:
    Access to sensitive data is strictly controlled and limited to authorized personnel only, with rigorous training on data security and handling of sensitive information.
These are just some of the comprehensive security measures Tell Touch has implemented to ensure the protection of all client data against unauthorized access and threats, maintaining the highest levels of data integrity and confidentiality.
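To illustrate the "SSL Pinning" control listed under Application Security above, here is an added example of public-key (SPKI) pinning. It is not Tell Touch's code: the FAQ does not say what language the mobile apps are written in or how their pinning is implemented, so Ruby is used simply because the page names it for the backend, and the function names, the hostname `api.example.invalid` and the self-signed certificate are all constructed for the illustration. The check compares the SHA-256 of each certificate's SubjectPublicKeyInfo against a set of expected pins, on top of (never instead of) normal chain validation.

```ruby
require 'openssl'
require 'digest'
require 'base64'
require 'net/http'

# Pin format: base64(SHA-256(SubjectPublicKeyInfo DER)). Pinning the key rather
# than the whole certificate keeps the pin valid across renewals that reuse the
# key, which matters with short-lived certificates such as Let's Encrypt's.
def spki_pin(cert)
  Base64.strict_encode64(Digest::SHA256.digest(cert.public_key.to_der))
end

# Accept a chain only if at least one certificate in it carries a pinned key.
# Pinning tightens standard verification; it never replaces it.
def chain_pinned?(chain, pins)
  chain.any? { |cert| pins.include?(spki_pin(cert)) }
end

# Build a Net::HTTP client whose TLS verification also enforces the pin set.
# The callback can only turn a passing verification into a failure, never the
# reverse: preverify_ok must already be true for the pin check to matter.
def pinned_http(host, pins, port: 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.verify_callback = lambda do |preverify_ok, store_ctx|
    preverify_ok && chain_pinned?(store_ctx.chain || [], pins)
  end
  http
end

# Constructed test fixture (hypothetical): a throwaway self-signed certificate,
# used only to produce a key pair to pin against. No real certificate is involved.
def make_self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if $PROGRAM_NAME == __FILE__
  legit = make_self_signed_cert('api.example.invalid')
  pins = [spki_pin(legit)]
  # A different certificate for the same name (for example one issued by a CA
  # the device trusts but that is not ours) carries a different key, so even a
  # chain that passes ordinary validation is rejected by the pin check.
  other = make_self_signed_cert('api.example.invalid')
  puts "own key accepted:   #{chain_pinned?([legit], pins)}"
  puts "other key accepted: #{chain_pinned?([other], pins)}"
  puts "pinned client ready: #{pinned_http('api.example.invalid', pins).use_ssl?}"
end
```

Two practical points for anyone operating such a control: ship at least one backup pin for a key that is kept offline, so a key rotation or emergency reissue does not lock every installed app out of the service, and log pin failures on the client so that an unexpected certificate on the path is noticed rather than silently retried.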