For obvious reasons, we will not provide full details of our data security approaches. However, we can provide an overview for those who may have a technical interest in our backend.
All data is stored in a Microsoft Azure SQL database with IP restricted access. This means that database access is only available to users coming from known and approved IP addresses which provides a very high level of security on top of the existing security architecture that comes “out of the box” with Azure and SQL Server.
Our public APIs (the connections from the app to the backend services) are all protected using TLS 1.2 or greater at the transport level and the calls to our backend are further protected by an application level security token that is unique to each transaction. Although this does not guarantee that the system cannot be hacked, it does make it highly tamper resistent.
There are other security measures in place, and we feel that the value of the data stored within our system is worth less than the effort it would require to extract that data, which is a primary goal of information security systems.