SafariDesk Logo SafariDesk
Compliance & Security

Compliance & Security

1. Overview

The security of our customers’ data is critically important to us. SafariDesk is committed to protecting our customers’ personal and sensitive information. This notice describes our data security and compliance statement.

2. Compliance

2.1 Credit Card Data Storage (PCI Compliant)

SafariDesk does not capture, transit or store any credit card information. All credit card data is captured and stored securely by our PCI compliant payment gateway provider, Stripe, which is certified to PCI Service Provider Level 1.

2.2 Datacenters Certification

SafariDesk runs on leased servers provided by Linode in two different datacenter locations.

  • Dallas, TX – SOC2 security certified
  • London, UK – ISO9001 security certified

Certificates are available upon request.

3. Data Security

Security is of paramount importance to us. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines. The following is an overview of the steps we take to secure our customers’ private information.

3.1 Secure Server Access

  • SafariDesk network is set up securely with minimal access to outside networks. All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH) with authentication only available via public/private key (PKI).
  • Server administration is performed over VPN connection.
  • SSH password-based authentication is disabled.
  • Firewalls on all servers are set to default-reject.
  • Database connections are only accepted from authorized servers on the internal private subnet.

3.2 Software Updates and Security Patches

SafariDesk facilitates secured patching and software updates of all our server infrastructure systems, including actively monitoring numerous online resources for the latest vulnerabilities. It’s our policy to apply security patches as soon as they are made available.

3.3 Access and Activity Logging

  • All access and activities by our employees on our servers are logged, monitored and observed.
  • Restricted role-based access to servers and data.
  • Documented Change Management Process – All changes to the infrastructure for both network and software are documented and peer-reviewed.
  • Server access logs for auditing are kept for 28 days.
  • Our SafariDesk customers’ access to their account is logged and available for review by account administrator. IP whitelisting is also available for SafariDesk customers, which can dramatically reduce the exposure of our customers’ accounts.

3.4 Password Hashing

User account passwords are salted and hashed using a slow hash function to increase security. SafariDesk employees cannot recover original passwords.

3.5 Siloed Databases

SafariDesk customer’s data is siloed to individual databases with restricted access to ensure optimum availability while ensuring complete customer privacy and data segregation. We do not co-mingle multiple accounts on the same database tables.

3.6 On Disk Encryption

SafariDesk databases are encrypted on disk with AES-256. Decryption keys are stored securely on separate machines.

3.7 Encrypted Offsite Backups

Backups are performed nightly, encrypted and stored offsite.

4. Reliability

SafariDesk infrastructure has been architected to provide one of the most flexible and secure environments available. Our network operations team considers reliability to be of the greatest operational concern, they like to sleep at night!

4.1 Infrastructure Redundancy

  • SafariDesk infrastructure is built with high availability and redundancy in mind. We’ve also gone to great lengths to remove all single points of failure.
  • Redundant front-end proxy web servers
  • Application servers are redundant and load balanced.
  • Clustered database servers — multiple masters (no failover time).
  • Highly available and scalable DNS.
  • Redundant messaging infrastructure for the monitoring system

4.2 Infrastructure Monitoring

SafariDesk infrastructure is monitored 24/7. Any critical incident triggers SMS alerts to the entire network operations team.

4.3 Disaster Recovery

We make routine backups of our server configurations and database data to be used in the unexpected event of data loss or corruption.

Last updated: June 5, 2025