- Simplifying Employee Time Management

Security policy

Table of Contents

Introduction provides the leading solution for business-critical employee scheduling solutions. This on-demand service is used by thousands of business owners and corporations around the world.

Whether a company is large or small, it must ensure that the employee scheduling solution it deploys offers the highest level of security available. Secure employee scheduling is not merely a matter of ensuring that no one can intercept data in transit, it requires an all encompassing solution that addresses every possible threat to data confidentiality and integrity. Today, a broad range of solutions exist to meet the needs of companies and individuals that must use web based employee scheduling. Most, however, are either inherently insecure or involve cumbersome set up and maintenance issues. Small businesses and enterprise level organizations alike need a solution that offers both highly secure tools and a low Total Cost of Ownership (TCO). has implemented a comprehensive, multiple-layer security strategy so you can rest assured that your data remains safe and secure at all times. Based on industry-standard security mechanisms and best practices, provides controls at every level of data access, storage, and transfer. We will detail each layer of’s seven-layer security strategy and explain how provides a low cost, highly secure file sending solution to our customers.

Back to Top

Secure, Reliable Data Center Facilities maintains secure, redundant, state-of-the-art data centers in California. Each data center facility is protected with double-wall construction and secured with biometric and video surveillance security. Physically protected around-the-clock by on-site security guards, each data center includes raised floors, seismically protected equipment, and water suppression and dry-pipe fire protection technologies to prevent damage or loss from fire, earthquakes, flooding, and other natural disasters.

All servers within each data center are secured in a locked room with limited access only by authorized individuals, and every visitor to a data center must possess not only a valid password but also must pass a biometric scan to gain entry. Guests and one-time visitors are always escorted by a data center security guard or another authorized employee. The entry and exit time of each visitor is recorded in a secure audit log.

To guarantee continuous, around-the-clock operations, maintains dual, redundant power supplies for every device and system in each data center, including UPS battery systems and diesel generators. Upon failure of the primary electrical power source, the backup power supply takes over, assuring users of continuous service at all times.

Back to Top

Network Access Control implements network and ISP grade firewalls to provide IP filtering and intrusion detection protection. Every server in each data center is protected with a constantly updated, industry-leading firewall, which blocks all ports except HTTP and S-HTTP. Port using HTTP or HTTPS is dynamically opened and closed as required. In contrast, competing solutions using Secure FTP or Secure Shell (SSH) require permanently open ports in a firewall, allowing unfettered inbound network commands and leaving the network vulnerable to attack.

Every server in’s data centers is based on the Linux operating system, a secure operating system that is not commonly affected by viruses or malicious attacks. For additional security, conducts regular vulnerability scans of its internal network to proactively detect and prevent security threats.

Back to Top

User Authentication and Authorization

All users must register using a valid email address and password. These credentials are encrypted during transmission and storage using a one-way hash. also requires every registered user to authenticate his or her email address before the user is able to use the service, ensuring that the user has registered a valid email address. Passwords must be more than five and less than 16 characters in length.

When a user requests a password reset, verifies that the correct, authorized user is making the request by sending a notification to the requesting email address that requires a response.

Back to Top

Data Storage

All files stored on servers are encoded and stored using a scrambled name, which makes it impossible for a network intruder to identify the file by its original name or read the contents of the file.

Back to Top

Data Transmission

In the employee scheduling tools, user creates accounts at Once account is created, an email is automatically generated to the account holder, who then must validate the account created with information sent in email. To ensure that data is not compromised, employs the Secure Socket Layer (SSL) protocol. In order to protect data integrity during employee scheduling, online payments, and user registration, implements highest industry-standard, 256-bit SSL encryption deployed.

Back to Top

Data Retention automatically stores all files uploaded by a customer for 14 days, at which time the file automatically expires and is deleted. Customers also have the ability to customize the data retention policy to meet their specific requirements, setting file expiration time as short as 30 minutes or as long as ‘never expire’. In the event a user notices an unexpected or unauthorized download of a file, he or she can delete the file from’s servers.

All user files uploaded to servers are replicated on a second server within the same data center and stored on both servers for the life of the file. In the event of a server failure, the file will be retrieved from other server within the same data center. Server replication to ensure total redundancy is conducted on a daily basis.

Back to Top


With’s comprehensive tracking tools, customers can create and check accounts of their employees, we maintain a log of who updated the information. This complete audit trail enables customers to ensure compliance with government regulations regarding the traceability of information privacy and accidental disclosure.

To further ensure the security of its customers’ information, undergoes quarterly perimeter security audits.

Back to Top


From physical and network access control to user authentication and authorization to data storage, transfer, and retention to monitoring and auditing, secures your information at every level of data access, storage, and transfer. With its comprehensive, multiple-layer security strategy, delivers the only secure, reliable digital content delivery service on the market, giving you peace of mind that your company’s confidential and private information always remains safe and secure. When you use the secure digital content delivery service, you can better comply with government regulatory requirements, protect your corporate brand and customer loyalty, and ensure the privacy of your intellectual property and other sensitive data.

Back to Top