<img alt="" src="https://secure.smart-business-intuition.com/262289.png" style="display:none;">
Skip to content
    Enterprise Security_images

    Protecting your business and customers

    At 10to8, we’re dedicated to providing industry-leading security and compliance, including GDPR, CCPA, ISO 27001, HIPAA, DSP Toolkit, and more.

    online security_images1

    Highest security levels: Our standard

    We follow the Principle of Least Privilege (PoLP). Only our Customer Support Staff have access to your account data, simply to perform their role in managing your requests. This access is logged and audited. No client data can be accessed by other members of staff. Every 10to8 employee has completed mandatory data compliance and is required to sign a Data Protection Agreement (DPA) when joining us. Data protection training is performed annually.


    Control who handles data with user permissions

    With 10to8, you can assign different permission levels to each user so that employees can only access and change what they’re allowed to. You can also use your SSO Identity Provider (IdP) to securely authenticate the users on your account. We can use metadata from your IdP to grant permissions and access controls within 10to8. This means that employees don’t need to remember certain passwords, and you can onboard and offboard staff members centrally. All passwords are stored encrypted and salted, and never in plain text, securing and protecting passwords stored for future authentication.

    Compliance that puts you first

    Our expert Compliance Team is always on top of the latest compliance updates and makes sure that our software supports the handling of sensitive data. Read our policies.



    10to8 complies with the EU and UK General Data Protection Regulations.



    We provide tools to safely store medical data, the PHI of patients in the US and can issue a signed Business Associate Agreement (BAA).

    Save storage


    Our software is fully compliant with the California Consumer Privacy Act.



    We maintain a secure payment processing environment and comply with the Payment Card Industry Data Security Standards.


    DSP Toolkit

    We are listed on the NHS Data Security and Protection Toolkit under code 8KL47.


    IS 27001

    10to8 has been certified by BSI to meet the International Information Security Standards and is registered under IS 705787.

    Penetration Testing

    Vulnerability scanning & penetration testing

    10to8 is built to be secure from its foundations up and is continually tested. Our systems are subjected to automated vulnerability scanning on a weekly basis, and major items identified during these scans are acted upon immediately. Our systems also undergo manual penetration testing annually by CREST Certified penetration test experts. We’re happy to send you our Security Whitepaper and more information upon request.

    State-of-the-art hosting, third-parties & encryption

    Security and compliance are the heart of everything we do, and we only work with providers that follow the same ethos.

    AWS Hosting

    Our services are hosted in Amazon’s Secure Data Centers across multiple availability zones with warm-standbys to provide emergency backup systems. Backups are automated, isolated, and encrypted. Amazon’s data center operations have been accredited under ISO 27001, SOC 1, and SOC.

    Third Parties

    10to8 uses some third parties to provide certain services such as sending emails, SMS, and voice calls, as well as synchronizing calendars. All data in transit is encrypted. We audit all data that is shared with third parties annually, and we have GDPR Compliant Data Processing Agreements in place with all of them.


    Highest level of encryption

    All data is encrypted using the industry-standard AES-256 algorithm provided by Amazon’s RDS systems. 10to8 can only be accessed over HTTPS, with automatic HTTP redirects in place. 10to8’s HTTPS certificate is RSA 2048 bits (SHA256withRSA), and supports TLS 1.2. Find out how our enterprise scheduling system will fit into your organization. Book a discovery call today.

    online security_images2

    Contingency planning & disaster recovery

    You can rest assured that we have Business Contingency Plans in place to restore 10to8 systems in case of catastrophic failures. Tested and audited regularly, these include Data Center failures, Database failures and Server failures. Our systems are robust and reliable; Our server uptime is 99.95%.

    Start taking bookings online

    Create a custom online booking page, benefit from automated SMS, Email & Voice reminders, and reduce appointment no-shows by up to 90%.