Desk Manager understands that the confidentiality and integrity of our clients’ information are vital for their financial operations. It is essential for clients to feel confident that their competitive company data is secure and cannot be accessed by others. That’s why the security of our clients’ information is our top priority. We use a multi-layered approach to protect valuable information that comes through Desk Manager.
The Desk Manager application is hosted on the Amazon Web Services platform, the undisputed market leader in cloud computing. AWS is protected by industry-standard security measures, ensuring that all hardware and networks meet stringent controls. You can read more about Amazon Web Services by clicking here.
Strict security and firewall policies are used in the Desk Manager setup to ensure that all Desk Manager features are well protected. We store data in the AWS East Region of the US (Northern Virginia). Desk Manager maintains strict access control policies for all Desk Manager administrators required to maintain the Desk Manager application on AWS servers.
Connections to the Desk Manager applications site are encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and strong encryption (AES_128_GCM) ensuring that all your data is protected in transmissions.
Desk Manager has privacy and security policies that apply to all our information handling practices.
Learn more
To access the Desk Manager application, users must use a unique combination of user ID and password. Passwords must meet strong password policies and are encrypted in storage so they are never visible to anyone. Multiple incorrect login attempts may result in the user’s account being locked to protect against brute force guessing attacks.
Within the application, Desk Manager has several levels of user roles and permissions. This allows controlling the creation, editing, viewing, and sharing of features, so it is possible to limit user access with your Desk Manager account. Only administrative users can manage the creation and deletion of users and management information.
Desk Manager annually has third-party tools performing security reviews, pen tests, and vulnerability scans on our application. Desk Manager ensures that controls are in place against common attack patterns such as SQL Injection, Clickjacking, formula injection, Cross-Site Request Forgery, etc.
Desk Manager also uses static code analysis tools to detect potential issues in the code.
LGPD is the acronym for the General Data Protection Law of Brazil. Federal Law No. 13.709/2018 was enacted in August 2018 and came into force in 2021. Desk Manager is aware of the adaptation to the new law and the protection of its users’ and clients’ data is of utmost concern. In addition to rules on the collection, storage, treatment, and sharing of personal data, LGPD imposes more protection and provides for penalties for non-compliance.
Personal data are any and all information that allows the identification of an individual, such as name, address, email, document numbers, phone, and registration data. Consumers must be informed about the purpose the company has for collecting their data, the period of use, and how to change or cancel the data concession.
Desk Manager Software only collects and stores automatically the data voluntarily entered by the user in the conduct of their activities through the use of Desk Manager Software, for the proper functioning and operation of Desk Manager Software. These data are collected with the user’s due authorization, in compliance with the LGPD.
Desk Manager respects the privacy of its clients' and partners' data, being committed to protecting the personal information provided and/or made available from the use of Desk Manager Software. Through the Desk Manager Privacy Policy, you can find the principles, rules, and obligations that guide privacy practices related to Desk Manager Software.
Moreover, Desk Manager employs strict security standards for internet service authentication, ensuring the security of the collected data through electronic management procedures, including EV SSL ("Extended Validation SSL") certification. All data is stored in the cloud and controlled by limited access.
Status API