Security Statement & GDPR
1. User Security
- (a) TABX requires users to create a unique user name and password that must be entered each time a user logs on.
- (b) A session "cookie" is used to record encrypted authentication information. The cookie does not include either the username or password of the user. It is only used for the duration of a specific session.
- (c) Secure Sockets Layer (SSL) technology protects user information and uploaded data. This uses both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons.
- (d) Passwords and credit card information are always sent over secure 128-bit encrypted SSL connections, via Stripe Payments
- (e) Our procedures for managing payments and account information are PCI-DSS compliant.
- (f) Credit card information is not processed, stored or transmitted on TABX servers. It is handled directly by third-party payment processors who are PCI-DSS compliant.
2. Physical, Network and Storage Security
TABX runs in data centers managed and operated by Web Forward. These data centers comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability.
- (a) Code is written in PHP 7.1, running on CentOS via Apache Web Server Technology.
- (b) The latest patches are automatically applied to all our operating system and application files.
4. What We Do If There is a Security Breach
- (a) Attempt to notify users electronically.
- (b) Review our policies and procedures.