Security Policy

Security at tchzo The security of your data is of utmost importance to us here at tchzo.

Security maintenance includes:

Encryption All customer interaction with tchzo servers is encrypted through the use of SSL. Our SSL certificates use 256-bit encryption to protect your data. Data is encrypted at rest with AES-256, block-level storage encryption.

Disaster Recovery Data is backed up offsite daily for recovery from disasters. Daily logical backups are retained for 7 days. Our provider offers a continuous protection mechanism of disaster recovery and our recovery point objective (RPO) in the event of disaster is within 24 hours. Due to our multi-tenanted environment we haven’t set an RTO.

Data Retention and Location tchzo stores the minimum amount of data required in order to provide our services. Customer, proposal and pricing data must be stored by tchzo, but credit cards details are stored by PCI compliant service partners.

tchzo securely and indefinitely retains data unless deletion is requested by the principle of the account. Servers housing data are located within the United States of America.

Financial Security Credit card details are never stored by tchzo. Credit cards are transmitted directly to our payment providers over SSL connections and are not logged or stored in tchzo systems.

Subscription payments are processed securely by a PCI-DSS Level 1 compliant service provider.

Customer payments are processed by Razorpay, a PCI-DSS Level 1 compliant provider. tchzo connects to Razorpay using its secure js file.

Password Security Password security is maintained through minimum passwords lengths and automatic lockout on repeated login failures.

To maximise your safety, tchzo recommend your password be at least 10 characters with a mixture of letters, numbers and punctuation characters. We recommend that the password you use for tchzo is unique and not used for any other web sites. A password manager such as 1Password or LastPass is recommended to manage your passwords.

No plain text passwords are stored at any time.

Physical Security tchzo’s production systems run on Google Cloud platform, a popular cloud computing platform. Google Cloud platform’s security policy details the physical, network, system and data security they provide.

Network Security tchzo undertakes annual penetration testing.

tchzo has implemented technologies to reduce the impact of DDoS attacks.

Vulnerability Management Software libraries used by tchzo are actively kept up to date. Any security fixes or patches are treated as top priority and are applied as quickly as possible - normally within 24 hours of public release.

Accreditation tchzo is not ISO or SOC accredited. Please review our sub-processor list for details of sub-processor accreditations.

Support and Development Application development activities are located within Australia and occur primarily within Australian business hours. Our current infrastructure does not require scheduled maintenance down-times, but we reserve the right after providing 24 hours notice.

Support activities occur globally and current hours of operation are 9 am Monday to 11 am IST. No official SLAs are offered, but we endeavour to respond to all support queries within 24 hours.