Last updated: April 7, 2020.
MOBIHQ is committed to the security of your application’s instrumentation and performance data. As part of this commitment, we use a variety of security technologies and procedures to help protect your information from unauthorised access, use or disclosure.
We provide standard access to MOBIHQ software through a login and password.
MOBIHQ allows an unlimited number of authorised users to be associated with an individual account. Customers are responsible for managing their own accounts, including provisioning and deprovisioning their own users.
You control access
As a MOBIHQ customer you have the flexibility to invite unlimited admin users into your account to collaborate on your data. Admin users can have access at a store or head office level. Admin users can control everything within the store(s) and head office(s) where they have access.
MOBIHQ's approach to protecting our systems and your data is to have multiple layers of security controls to protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. MOBIHQ's security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
MOBIHQ is a cloud based service and as such we operate a tenancy based model across our data stores. Access to data is authorised by confirming access for a user to the associated tenancy and ensuring all queries are pre-filtered by the tenancy key.
Secure data centres
MOBIHQ is hosted within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. MOBIHQ maintains multiple geographically separated data replicas and hosting environments to minimize the risk of data loss or outages.
With respect to business continuity MOBIHQ operates from several Amazon Web Services data centres in Sydney. To maintain continuity of service MOBIHQ securely stores all raw inbound data which is currently active and within application retention periods in a secondary location to allow us to restore data following a catastrophic outage in our primary hosting location. Backups of our data stores are also stored in different physical sites and with different services to allow for fast recovery in the event of an individual data store failure.
PCI DSS compliance
PCI DSS stands for Payment Card Industry Data Security Standard. Essentially, it’s a set of rules put in place to ensure that all companies that process online and mobile payments, transmit, or store credit card data does so in a secure environment.
MOBIHQ works exclusively with third party PCI compliant payment gateways which adhere to and follow security best practices - as outlined by the PCI compliance standards.
The payment gateways supported by MOBIHQ securely store all card holder data and no credit card numbers or CSV data passes through or are stored on MOBIHQ servers or mobile applications.
MOBIHQ keeps a log of user actions within the system so that changes that modify the configuration of your MOBIHQ applications or any destructive operations (e.g. deleting data) are clearly tracked and can be reviewed at any time.