Platform Security

We take security seriously here at Traction Guest. Every guest, host and admin using our service expects their data to be secure and confidential. We understand how important the responsibility of safeguarding this data is to our customers and work to maintain that trust.

Security Features

Guest’s security features are designed to provide ease of use, seamless user experience and sophisticated tracking capabilities in an environment that ensures data is kept safe and compliance standards are met.

Password Policies

Traction Guest has strong password requirements in place, and passwords cannot be retrieved, only reset. Traction Guest allows for multiple administrators under the same account, preventing the sharing of passwords between multiple users.

Sign-in Records

Behavioural data including all visitor inputs, date and time of sign in/out, hosts, and location can be exported to .csv format through the Traction Guest UI. Records can also be searched and filtered in the UI itself.

iPad App

Traction Guest’s iPad app is designed to retain data in the event of a connection loss, and will sync all sign-in data upon reconnection. Guests can still sign in on the iPad when it’s offline. Traction Guest supports Guided Access mode to prevent visitors from tampering with the iPad.

Data Export

Legal documents signed in DocuSign through Traction Guest are stored in the DocuSign account and can be automatically forwarded to any e-mail address if chosen. If required, all data from a customer’s account can be exported and provided to the customer upon special request.

Your Compliance

ITAR | The International Traffic in Arms Regulations and the Export Administration Regulations (EAR) are two important United States export control laws that affect the manufacturing, sales and distribution of technology.
ITAR requires knowledge of your visitor’s country of residence (US or other). Traction Guest allows you to ask your visitors this question and give them a custom experience based on their nation of residence. Specific documents, notifications to hosts, and follow-up questions can be used for international visitors while allowing your US visitors to bypass additional requirements.

PCI DSS | The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
Part of the PCI Compliance standard is control of physical access to your facility (requirement 9). To comply with this requirement, merchants must restrict access to protected areas (i.e. your office) and know the difference between customers, staff, and other potential attackers. Traction Guest allows you to ask your visitors their reason for visiting and produce a custom visitor badge including their reason for visiting, allowing you to visually identify different types of people in your facility.

Cloud Security

Traction Guest is built on Salesforce’s Heroku Cloud Application Platform. Heroku applies security best practices, manages platform security, and is designed to protect customers from threats by applying security controls at every layer (physical to application).
Traction Guest and its data are completely isolated and receive rapidly deployed security updates without customer interaction or service interruption.
While running on the Heroku platform, Traction Guest functions within its own insulated environment. This restrictive design prevents security and stability issues by isolating processes, memory, and the file system using LXC. Host-based firewalls restrict applications from establishing local network connections.
Uptime levels are explained on Heroku’s Policy Page and historical availability data is available on Heroku’s Status Page.

Server Security

Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services’ (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under:

Support Issue Priority and Timelines

Priority I

First response target within 15 min.

Fatal issues that result in a customer’s inability to fulfill critical business functions and that have no reasonable workaround.

Priority II

First response target within 1 hour.

Serious issues significantly impacting use of Traction products.

Priority III

First response target within 1 business day.

All other issues, e.g. how-to questions, reporting issues.

Our Development Policy

Updates with new functionality are released on a regular basis. As the service is cloud-based, upgrades do not require involvement from customers aside from upgrading the Traction Guest iPad app (if automatic updates are disabled on the iPad). Our development team uses a standardized development process to ensure all changes are made securely and reliably, with a focus on quality.

Process

1. All changes begin with a pull request from a local development branch to a QA environment.

2. Before changes are merged into a QA environment, a code review is done by a senior developer.

3. The change is then tested in QA, followed by another run of testing in UAT.

4. Code is finally pushed from UAT to production. All code migrations occur across SSL.

Releases

New releases including new functionality are typically available once a month or more. Releases include documentation, i.e. release notes including videos to showcase new functionality to all customers.

Employees

Traction employees all undergo background criminal checks and sign an NDA upon hire. We do not use consultants/contractors. Traction Guest employees do not have access to customer data; access must be granted by customers.

Supported Languages

English
French
Spanish
Portuguese
Simplified Chinese
Traditional Chinese
Japanese
German
Russian
Swedish
Dutch
Indonesian