GDPR, privacy and security

From the beginning, we've developed CrewPlan with focus on privacy and security.

When choosing a volunteermanagement system it is important, that the data your volunteers store are both private and secure.

We store all userdata in a secure encrypted format at all times, this means that all data - sensitive or not - your volunteers enter into the system are always protected. This is to ensure even in an unlikely databreach, all data will be encrypted using best practice and no personal information can be extracted.

Two-factor authentication security

All administrator-accounts require two-factor authentication which can't be disabled, this means that even if an administrator should be careless and have their password compromised, the account will be secure as long as the would be intruder can't access the administrators emailaccount or phone also.

Secure as your online banking

All connections to our servers are at all times encrypted using SSL, the same method used by banks and other secure sites. This means that all data transmitted to/from our servers always will be encrypted so no third-party can access the data.

All data stored inside EU

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. As an european company we comply fully to the GDPR law. All data are stored and processed on servers in the European Union.

Our servers are hosted by Digital Ocean in Frankfurt Germany, we use Amazon services in Germany and Ireland to store backupfiles and send emails. We use Gatewayapi in Odense Denmark for textservices.

Servers and monitoring

All of our servers and services are monitored 24/7 by multiple sources, using a fully automated server environment our servers has a uptime of more than 99.99% and hasn't had a unscheduled fallout the last 4 years.

Monitoring of the services happens from 5 different locations and should there be any problems, our staff are alerted by text instantly. At the location of our servers, there are always technical staff present 24/7, emergency power, cooling and multiple fiber-connections are standard.

Backups and security

All files uploaded to CrewPlan are instantly copied to our datastorage at Amazon, uploaded documents are encrypted before being stored, we log every time a document are being downloaded by a user.

Every 4 hours we perform a full database backup, the backupfile are encrypted before being stored in an encrypted container at Amazon. Every 4 hours a backup-databaseserver retrieves the latest backupfile and imports to ensure fileintegrity. All databasebackups are deleted from our backupdrive automatically after 90 days, after which point we are unable to restore the data.