Security

Thousands of organizations trust GoodDay with their work data, and we have made data security and privacy our #1 priority.

GoodDay Security Statement

We strive to ensure that user data is handled securely. GoodDay uses some of the most advanced technologies for Internet security commercially available today. This Security Statement aims to provide transparency around our security infrastructure and practices and to help reassure you that your data is appropriately protected.

Datacenter security

All GoodDay information systems and infrastructure are hosted in world-class data centers at Equinix and AWS facilities. These facilities feature 24/7 manned security, fully redundant power backup systems, physical access controls, biometric authentication systems, extensive seismic bracing, the latest technology early-detection smoke and fire alarms, and digital surveillance systems. All server and network components are constantly monitored by internal GoodDay staff and by the colocation providers.

Availability

Over the years of service, GoodDay has consistently met or exceeded a 99.9% uptime metric, ensuring customers can access their work data without interruption. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work secure and uninterrupted.

Continued data backup

GoodDay runs real-time database replication to ensure that customer data is both backed up and available on redundant, geographically dispersed servers that are physically separated from the application servers, aiming to ensure fault tolerance.

Network and system security

Access Control: Secure VPN, 2FA (two-factor authentication), and role-based access are enforced for systems management by authorized engineering staff.

Encryption in Transit: By default, our survey collectors have Transport Layer Security (TLS) enabled to encrypt respondent traffic. All other communications with the GoodDay platform are sent over TLS connections, which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.

Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.

Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.

Data encryption

GoodDay uses proven Transport Layer Security (TLS) technology from the most trusted providers to encrypt all data transmissions between your device and our servers, commonly referred to as on-the-wire encryption. TLS technology is designed to protect your information by establishing trust in our servers through a trusted third party, and then creating a secure channel through which your data can pass to our servers protected from malicious actors. We also use AES-256 encryption before data is durably stored, commonly referred to as at-rest encryption. A dedicated firewall provides a strong barrier of network security from the internet, and we utilize Amazon’s S3 service to store and serve uploaded files.

Security audits

GoodDay uses external auditors to verify the adequacy of its security measures. This audit: (a) will be performed at least annually; (b) will be performed according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001; (c) will be performed by independent third-party security professionals at GoodDay’s selection and expense.

User security

Each user in your GoodDay environment has a unique user name (i.e., their email address). We offer forms-based authentication (username and password) and Google Authentication to all users of GoodDay. GoodDay issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the user name or password of the user. GoodDay does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. All account login attempts are logged, and account lockout policies can be enabled to lock account access after a certain number of failed login attempts if requested.

Single Sign-On: For Enterprise accounts, GoodDay supports SAML 2.0 integration, which allows you to control access across your organization and define authentication policies for increased security.

Operational management

We have implemented policies and procedures designed to ensure that your data is secure and backed up to multiple physical locations. Our team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access to or unplanned downtime of the Subscription Service. Access to all production systems and data is limited to authorized members of the GoodDay Technical Operations team.

Privacy

GDPR

In accordance with the provisions of the EU General Data Protection Regulation (GDPR), GoodDay has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. The GoodDay DPA is available at https://www.goodday.work/dpa so that our customers can be confident that their data is processed in a lawful and transparent manner. If you want to obtain a signed copy, please email us at dpa@goodday.work.

CCPA

The California Consumer Privacy Act (CCPA), which comes into force on January 1, 2020, is a law that provides California consumers certain rights with respect to their personal information. Specifically, the law requires that businesses subject to the statute grant consumers the ability to request access to and deletion of their data, and the ability to opt out of “sales” of their personal information. GoodDay does not sell its customers’ or users’ personal information. Where a business subject to the CCPA has entered into a services or subscription agreement, GoodDay will also act as a service provider to that business. GoodDay will process such customers’ personal information only for the purposes set forth in the applicable agreement, and will cooperate with customers to fulfill deletion or access requests.

For more information on how GoodDay collects and processes data, please check our Privacy policy https://www.goodday.work/privacy and Terms of service https://www.goodday.work/tos

Want to know more?

If you have any questions or security concerns, please contact us at support@goodday.work