Here's an overview of Timetastic security:
Your data is sent using HTTPS.
When your data is moving between you and us, everything is encrypted, and sent using HTTPS.
We host on Microsoft Azure
Timetastic is hosted on Microsoft Azure cloud platform. This places your data in their European data centres. At the time of writing we use their UK South for primary and North Europe (Ireland) for backups.
Using Azure means we take advantage of their rigorous security standards and reliance, servers and firewalls are always up to date. You can read more about their specific standards and procedures here: https://azure.microsoft.com/en-gb/support/trust-center/
We don't store your debit/credit card information.
All our payments are processed through Stripe https://stripe.com/gb They are a PCI Service Provider Level 1 organisation - the most stringent certification level available in the payment industry.
Using Stripe means we don't need to store your payment card details, they are sent encrypted direct to Stripe, we don't store them anywhere.
You can read more about security at Stripe here: https://stripe.com/docs/security/stripe
Your passwords are hashed
We hash your passwords using Bcrypt https://en.wikipedia.org/wiki/Bcrypt, but that's no reason not to create a strong password in the first instance.
We encourage you to understand, and educate your employees on what makes a strong password, and use them accordingly, maybe test score a password on here https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html