Security is the heart of everything that we do.
GDPR, CCPA, ISO 27001, HIPAA, DSP Toolkit, and more.

Security from Day 1; The people who handle your data at 10to8
We follow the Principle of Least Privilege (PoLP).
Only 10to8 Customer Support staff can access your account data in performing their duties only following a request from you. This access is logged and audited. Our staff is unable to access your clients’ data at all.
10to8 staff completes mandatory data compliance training on their first day of work and are required to sign a Data Protection Agreement (DPA) before they start their duties. Data protection trainings are renewed annually.


User permissions; The people who handle your data at your enterprise
10to8’s enterprise scheduling platform enables you to assign different permission levels to each user so that your employees can only access and change what they need to.
10to8 can use your SSO Identity Provider (IdP) to securely authenticate the users on your account. We can use metadata from your IdP to grant permissions and access controls within 10to8. Your employees do not need to remember another password, and you can onboard and offboard staff members in a centralized place.
Passwords are stored encrypted and salted, and never in plain text.
Compliance at 10to8
10to8’s expert Compliance Team is always on top of the latest compliance updates and makes sure that our software supports the handling of sensitive data.
GDPR
HIPAA
CCPA
PCI DSS
DSP Toolkit
ISO 27001
GDPR
ISO 27001
HIPAA
CCPA
PCI DSS
DSP Toolkit
Vulnerability scanning & penetration testing
10to8 is built to be secure from the foundations up – this is automatically tested continuously.
Our systems are subjected to automated vulnerability scanning on a weekly basis, and major items identified during these scans are acted upon immediately. 10to8’s systems also undergo manual penetration testing annually, by CREST Certified penetration test experts.
We are happy to send you our Security Whitepaper and more information upon request.

Safety first; Hosting, third-parties, encryption
Security and compliance are the heart of everything we do and we only work with providers that follow the same ethos.
AWS Hosting
Third Parties
Encryption
AWS Hosting
Third Parties
Encryption

Contingency planning & disaster recovery
10to8 has Business Contingency Plans in place to restore 10to8 systems in case of catastrophic failures. These include Data Center failures, Database failures, and Server failures. These plans are tested and audited regularly.
Our systems are robust and reliable; Our server uptime is 99.95%.