We take security seriously at SessionLab. And for good reason: every person and team using our service expects their data to be secure and confidential. We are constantly working on bringing state-of-the-art security practices into our product, so you can take advantage of cutting-edge features designed to safeguard your data, and we work to maintain your trust.
Data hosting
SessionLab’s infrastructure is hosted on Amazon Web Services (AWS). The compliance program of AWS is designed to follow international security standards and regulations while protecting confidentiality and data privacy. Data centres provide the necessary means to operate 24 x 7 and protect data from physical damage and network issues.
Encryption
When you access SessionLab, SSL technology protects your information using both server authentication and data encryption. We never store passwords as clear text – they are always hashed securely with state-of-the-art algorithms. All network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.3, and it is encrypted and authenticated using AES_128_GCM and AES_128_CBC, with ECDHE_RSA as the key exchange mechanism. Qualys SSL Labs scored SessionLab’s SSL implementation as “A+” on their SSL Server Test.
Additionally, the data is encrypted at rest using an industry-standard AES-256 algorithm.
SessionLab uses authenticated logins to maintain application security and Secure Sockets Layer (SSL) for security during transmission, ensuring complete data privacy.
In case you require further information on our security infrastructure and governance, please get in touch with us at support@sessionlab.com.
Redundancy and backups
All of the data is backed up continuously to a secure location. In addition, we make a daily backup to an off-site secure location. The backup data is kept for 30 days. The data and all of the backups are stored in Europe.
Payment information
SessionLab is not in the business of storing or processing payments. All payments made to SessionLab are handled by our payment service provider, Braintree Payments (a division of PayPal). Details about their security setup and PCI compliance can be found at Braintree’s security page.
Uptime – Service reliability
It is essential that we provide a reliable service to our customers, making sure that the data you trust us to store is always available when you need it. During the past year, we reached 99.98% service uptime (the total time the service was unavailable during the past 365 days was reduced to under 2 hours).