Platform Security

We take security seriously. Every guest, host, or admin using our service expects data to be secure and confidential. We understand the importance of safeguarding it for our customers and work to maintain that trust.

Security Features

Traction Guest’s security features are designed to provide a seamless user experience and sophisticated tracking capabilities in an environment that ensures data is kept safe and compliance standards are met.

Password Policies

Traction Guest has strong password requirements in place, and passwords cannot be retrieved, only reset. Traction Guest allows for multiple administrators under the same account, preventing the sharing of passwords between multiple users.

Sign-in Records

Behavioural data including all visitor inputs, date and time of sign in/out, hosts, and location can be exported to .csv format through the Traction Guest UI. Records can also be searched and filtered in the UI itself.

iPad App

The iPad app is designed to retain data in the event of a connection loss, and will sync all sign-in data upon reconnection. Visitors can still sign in on the iPad when it is offline. Traction Guest supports Guided Access mode to prevent visitors from tampering with the iPad.

Data Export

Export your sign-in data into a CSV file, including visitor details, time of entry, documents signed, and more. Use the manual export function or set up automatic exports into third-party systems by creating a custom integration using GuestConnect.

Cloud Security

Traction Guest is built on Salesforce’s Heroku cloud application platform. Heroku applies security best practices, manages platform security, and is designed to protect customers from threats by applying security controls at every layer (physical to application).
Traction Guest and its data are completely isolated and receive rapidly deployed security updates without customer interaction or service interruption.
While running on the Heroku platform, Traction Guest functions within its own insulated environment. This restrictive design prevents security and stability issues by isolating processes, memory, and the file system using LXC. Host-based firewalls restrict applications from establishing local network connections.
Uptime levels are explained on Heroku’s Policy Page and historical availability data is available on Heroku’s Status Page.

To further increase security levels, we are using Cloudflare as a Web Application Firewall (WAF) to protect our platform from malicious requests. By running all queries through the nearest Cloudflare data center, we shield our Domain Name System (DNS) infrastructure from Distributed Denial of Service (DDoS) attacks. In plain English: Cloudflare will protect us from cyber-attacks that attempt to disrupt or make our online service unavailable by overwhelming it with unwanted traffic from multiple sources.

Server Security

Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under:

Regional Data Centers

Data residency is an important consideration when choosing a cloud solution. Legal or regulatory requirements are imposed on organizations that handle sensitive personal information. Depending on the country or industry (such as governmental institutions, medical industries, or education), businesses are required to store their visitor data locally. To support our international customers, Traction Guest offers the choice between a US, UK, or Canadian data center. We are committed to data protection and are working on growing this list to provide the flexibility you need. Get in touch for more information.

Severity Levels and Responses

We’re proud to have over 99% uptime and will continue to work hard on making sure everything runs smoothly. Should something go haywire, rest assured that we have a plan and will keep you posted. For platform-wide Severity 1 and 2 issues, we keep our customers updated on our status page, where you can subscribe to get instant notifications.

Severity 1


Critical system failure that results in an inability to fulfill vital business functions.

This means visitors or users cannot access the platform, notifications are not triggering, or there are account-wide issues connecting to the iPad. We focus on resolving any Severity 1 matter as quickly as possible. For our Enhanced customers, we offer 24/7 emergency support and, if required, will provide hourly updates until the issues are resolved.

Severity 2


Serious issues significantly impacting the use of the Traction Guest platform.

Visitors and users are materially impacted, with 50% of users or visitors not able to access the platform or certain features not functioning. This may include CSV files not uploading correctly, integrations not running smoothly or platform issues related to badge printing. We will respond to Severity 2 cases during business hours and will provide daily updates.

Severity 3


Negative features or missing features that are causing inconvenience to users.

Severity 3 cases are not business critical and can include how-to questions, reporting issues, smaller technical bugs or feature requests. We always love to hear your ideas and feedback. Depending on the complexity, we will do our best to fix the issue in the next release or add it to our roadmap.

Our Development Policy

We are eager to continuously release new functionality. As a cloud-based service, upgrades do not require customer involvement aside from upgrading the iPad app (if automatic updates are disabled on the iPad). Our development team uses a standardized process to ensure changes are made securely and reliably, with a focus on quality.

Process


1. All changes begin with a pull request from a local development branch to a QA environment.

2. Before changes are merged into a QA environment, a code review is done by a senior developer.

3. The change is then tested in QA, followed by another round of testing in UAT.

4. Code is finally pushed from UAT to production. All code migrations occur across SSL.

Releases


New releases are typically available at least once a month. Releases include documentation, i.e., release notes, including videos, to showcase new functionality to all customers.

Employees


All Traction employees undergo criminal background checks and sign an NDA upon hire. We do not use consultants/contractors. Traction Guest employees do not have access to customer accounts unless granted by customers.

Supported Languages

English
French
Spanish
Portuguese
Simplified Chinese
Traditional Chinese
Japanese
German
Russian
Swedish
Dutch
Indonesian