Data Management and Information Security

We take the responsibility of protecting your data very seriously. We are committed to keeping your data safe and secure by using best practices to protect our systems.

PowerHouse Hub understands the critical importance of protecting client data and site access. We prepare for our incident response life cycle by implementing a high level of security on three levels: hardware, application, and database. Our AWS data servers have ISO 27001 certification.

As a company, PowerHouse Hub is committed to continuous improvement in all aspects of our business. We adhere to industry standards and our adherence to ISO frameworks is critical for our operation.

PowerHouse Hub's commitment to standards

By achieving our ISO 27001 and ISO 9001 certifications, PowerHouse Hub demonstrates our unwavering commitment to security, quality, and excellence in every aspect of our solutions.

Our ISO 27001 certification ensures that our clients benefit from world-class information security standards, safeguarding their data with robust risk management and compliance practices.

Meanwhile, our ISO 9001 certification guarantees consistent quality management processes, delivering reliable, efficient, and high-performing solutions that meet and exceed client expectations.

Together, these certifications provide our clients with confidence, trust, and peace of mind that they are partnering with a provider dedicated to the highest global standards.


Hosting

Hosting: Perimeter Layer Data Security

The PowerHouse Hub network resides within Amazon Web Services (AWS) world-class data centers. AWS implements controls, builds automated systems, and undergoes third-party audits to confirm security and compliance. The security includes:

01. Access is Scrutinized

AWS restricts physical access to people who need to be at a location for a justified business reason. Employees and vendors who have a need to be present at a data center must first apply for access and provide a valid business justification. The request is reviewed by specially designated personnel, including an area access manager. If access is granted, it is revoked once necessary work is completed.

02. Entry is Controlled and Monitored

Entering the Perimeter Layer is a controlled process. We staff our entry gates with security officers and employ supervisors who monitor officers and visitors via security cameras. When approved individuals are on site, they are given a badge that requires multi-factor authentication and limits access to pre-approved areas.

03. Monitoring for Unauthorized Entry

We are continuously watching for unauthorized entry on our property, using video surveillance, intrusion detection, and access log monitoring systems. Entrances are secured with devices that sound alarms if a door is forced or held open.

04. AWS Data Center Workers are Scrutinized

AWS employees who routinely need access to a data center are given permissions to relevant areas of the facility based on job function. But their access is regularly scrutinized, too. Staff lists are routinely reviewed by an area access manager to ensure each employee’s authorization is still necessary. If an employee doesn’t have an ongoing business need to be at a data center, they have to go through the visitor process.

05. AWS Security Operations Centers Monitor Global Security

AWS Security Operations Centers are located around the world and are responsible for monitoring, triaging, and executing security programs for our data centers. They oversee physical access management and intrusion detection response while also providing global, 24/7 support to the on-site data center security teams. In short, they support our security with continuous monitoring activities such as tracking access activities, revoking access permissions, and being available to respond to and analyze a potential security incident.

Hosting

Hosting: Infrastructure Layer Data Security

LAYER-BY-LAYER ACCESS REVIEW

Like other layers, access to the Infrastructure Layer is restricted based on business need. By implementing a layer-by-layer access review, the right to enter every layer is not granted by default. Access to any particular layer is only granted if there is a specific need to access that specific layer.

MAINTAINING EQUIPMENT IS A PART OF REGULAR OPERATIONS

AWS teams run diagnostics on machines, networks, and backup equipment to ensure they’re in working order now and in an emergency. Routine maintenance checks on data center equipment and utilities are part of our regular operations.

EMERGENCY-READY BACKUP EQUIPMENT

Water, power, telecommunications, and internet connectivity are designed with redundancy, so we can maintain continuous operations in an emergency. Electrical power systems are designed to be fully redundant so that in the event of a disruption, uninterruptible power supply units can be engaged for certain functions, while generators can provide backup power for the entire facility. People and systems monitor and control the temperature and humidity to prevent overheating, further reducing possible service outages.

Advanced Security Configuration and Control

Our software provides administrators with granular control over key security parameters to align with organisational policies and compliance standards. Within the system settings, you can:

  • Enforce login lockouts to mitigate brute-force attacks by setting thresholds for failed authentication attempts.

  • Define password complexity, history, and expiry options to strengthen credential hygiene and meet internal or regulatory requirements.

  • Enable SameSite cookie protection to defend against cross-site request forgery (CSRF) attacks and safeguard session integrity.

  • Activate cross-site scripting (XSS) filtering to prevent injection of malicious scripts into user sessions.

  • Configure X-Frame-Options headers to block clickjacking attempts and ensure content is not embedded in unauthorised iframes.

These configurable settings ensure that every client instance is hardened against common web-based vulnerabilities while maintaining compliance with modern security frameworks and best practices.
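The settings listed above map directly onto a handful of well-understood controls: a failed-attempt counter with a lockout window, a password policy with complexity, history and expiry checks, a session cookie carrying `SameSite` (plus `HttpOnly` and `Secure`), and the `X-Frame-Options` and XSS-filter response headers. The following is an added example, not PowerHouse Hub's own code, showing how such an admin-configurable policy can be enforced in a small, self-contained module; every class, function name and default value in it (`SecuritySettings`, `Account`, `record_login_attempt`, the threshold of 5 attempts, the 900-second lockout, and so on) is a constructed assumption for illustration. Where the page says "XSS filtering", the example emits the legacy `X-XSS-Protection` header and, because current browsers no longer honour that header, also a conservative `Content-Security-Policy`, which is the mechanism that replaced it.

```python
import hashlib
import os
import re
import time
from dataclasses import dataclass, field
from http.cookies import SimpleCookie


@dataclass
class SecuritySettings:
    """Hypothetical admin-configurable values mirroring the settings listed on the page."""
    max_failed_logins: int = 5        # lockout threshold (constructed default)
    lockout_seconds: int = 900        # how long a locked account stays locked
    min_password_length: int = 12
    password_history: int = 5         # previous passwords that may not be reused
    password_max_age_days: int = 90   # password expiry
    samesite: str = "Strict"          # "Strict" or "Lax"
    xss_filter: bool = True           # emit XSS-protection headers
    frame_options: str = "DENY"       # or "SAMEORIGIN"


@dataclass
class Account:
    """Per-user state needed by the policy checks (constructed for the example)."""
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    password_hashes: list = field(default_factory=list)   # oldest first
    password_set_at: float = field(default_factory=time.time)
    failed_attempts: int = 0
    locked_until: float = 0.0


def _hash(account, password):
    # Salted, iterated hash so history entries are not bare digests of old passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), account.salt, 100_000)


def password_problems(settings, account, candidate):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < settings.min_password_length:
        problems.append("too short")
    for name, pattern in (("uppercase", r"[A-Z]"), ("lowercase", r"[a-z]"),
                          ("digit", r"\d"), ("symbol", r"[^A-Za-z0-9]")):
        if not re.search(pattern, candidate):
            problems.append(f"missing {name}")
    # History check: the current password and the previous ones are all blocked.
    if _hash(account, candidate) in account.password_hashes[-settings.password_history:]:
        problems.append("reused")
    return problems


def set_password(settings, account, password, now=None):
    """Apply the policy; on success store the hash, trim history and reset the expiry clock."""
    problems = password_problems(settings, account, password)
    if problems:
        return problems
    account.password_hashes.append(_hash(account, password))
    account.password_hashes = account.password_hashes[-settings.password_history:]
    account.password_set_at = time.time() if now is None else now
    return []


def password_expired(settings, account, now=None):
    now = time.time() if now is None else now
    return now - account.password_set_at > settings.password_max_age_days * 86400


def record_login_attempt(settings, account, success, now=None):
    """Enforce the lockout threshold. Returns 'ok', 'failed' or 'locked'."""
    now = time.time() if now is None else now
    if account.locked_until > now:
        return "locked"          # rejected during the lockout window even with a valid password
    if success:
        account.failed_attempts = 0
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= settings.max_failed_logins:
        account.locked_until = now + settings.lockout_seconds
        account.failed_attempts = 0
        return "locked"
    return "failed"


def security_headers(settings):
    """Response headers for clickjacking and XSS protection."""
    headers = {"X-Frame-Options": settings.frame_options}
    if settings.xss_filter:
        headers["X-XSS-Protection"] = "1; mode=block"   # legacy; ignored by current browsers
        ancestors = "'self'" if settings.frame_options.upper() == "SAMEORIGIN" else "'none'"
        # CSP is the current mechanism; frame-ancestors mirrors X-Frame-Options.
        headers["Content-Security-Policy"] = f"default-src 'self'; frame-ancestors {ancestors}"
    return headers


def session_cookie(settings, session_id):
    """Set-Cookie value with SameSite, HttpOnly and Secure attributes for the session."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["samesite"] = settings.samesite
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    settings, account = SecuritySettings(), Account()
    print(set_password(settings, account, "Correct-Horse-42"))   # [] means accepted
    print(password_problems(settings, account, "Correct-Horse-42"))  # ['reused']
    for _ in range(settings.max_failed_logins):
        state = record_login_attempt(settings, account, success=False)
    print(state, security_headers(settings), session_cookie(settings, "abc123"))
```

The lockout counter is reset both on success and when a lockout is triggered, so the next window starts clean once the lock expires; keeping `now` injectable makes the time-dependent branches testable without sleeping.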

How we manage & secure customer data & Personally Identifiable Information (PII)

1. You Own Your Data

  • All personal information and data you store in our platform remain your property.
  • We do not use your data for analytics, marketing, or any purpose other than providing the service.

2. Our Role

  • You are the data controller; we act as the data processor.
  • We process your data only in line with your instructions and applicable privacy laws (GDPR, CCPA, Australian Privacy Act).

3. Security of Your Data

  • All data is encrypted in transit and at rest.
  • Access is restricted by role-based controls, multifactor authentication, and logging.
  • Our infrastructure is hosted on secure, globally recognised cloud services.

4. Access to Data

  • Our security-screened staff may access customer data only when necessary (e.g., support requests, troubleshooting) and under strict authorisation and logging.

5. Retention & Deletion

  • Data is retained for the duration of your license unless you delete it directly or request permanent deletion.
  • Upon termination, data is securely deleted in accordance with the company’s data retention policy for service termination unless otherwise instructed.

6. Compliance

  • Our data handling aligns with ISO 27001 standards and relevant privacy legislation.

7. Your Responsibilities

  • You remain responsible for ensuring that the data you collect and upload complies with applicable privacy and data protection laws.

Our commitment to GDPR and Privacy Compliance

PowerHouse Hub is committed to upholding the highest standards of data protection and privacy in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy legislation.

Our commitment includes the following areas:

  1. Lawful Data Processing
  2. Transparency and Communication
  3. Data Minimization and Purpose Limitation
  4. Individual Rights Support
  5. Data Security
  6. Data Breach Response
  7. Vendor and Processor Management
  8. Data Protection by Design and Default
  9. Staff Training and Awareness
  10. Governance and Oversight