How we handle Purple Mash customer data

Updated 7 months ago by Lawrence

Curious about the technical detail of how 2Simple handles customer data for Purple Mash? Here's some "behind the scenes" information to give you a taste of how seriously we take data privacy for Purple Mash customers.

Purple Mash servers are hosted in Ireland using state-of-the-art cloud technology provided by Amazon Web Services. All servers and Amazon Web Services are regularly patched with the latest security updates. All our customer data is held within this data centre, protected by VPN technology, and replicated across multiple availability zones to prevent accidental data loss.

Access to Purple Mash through a modern browser is secured with the latest HTTPS protocols, transports, key exchange and ciphers: TLS 1.2, ECDHE RSA with P-256, and the AES 128 GCM cipher. For customers using older browsers, the site will fall back to older protocols. It is therefore the customer's responsibility to use the latest version of a modern browser to ensure maximum security.
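To see whether a connection got the parameters listed above or fell back to something older, the negotiated protocol and cipher suite can be compared against them. The following is an added example, not 2Simple's own code: the function names are hypothetical, the host name is supplied by the reader, and `negotiated()` reports what the local OpenSSL negotiates rather than what a particular browser does.

```python
import socket
import ssl
import sys

# Parameters the page states for modern browsers (OpenSSL suite name).
PAGE_VERSION = "TLSv1.2"
PAGE_CIPHER = "ECDHE-RSA-AES128-GCM-SHA256"
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")


def classify(version, cipher):
    """Return (status, reasons) for a negotiated protocol version and suite.

    status: 'matches-page', 'ok-different' or 'fallback'.
    """
    if version not in ORDER:
        return "fallback", [f"unrecognised protocol {version!r}"]
    reasons = []
    if ORDER.index(version) < ORDER.index(PAGE_VERSION):
        reasons.append(f"{version} is older than {PAGE_VERSION}")
    # TLS 1.3 suites are always AEAD with ephemeral key exchange, so the
    # suite-name checks below only apply to TLS 1.2 and earlier.
    if version != "TLSv1.3":
        if not cipher.startswith(("ECDHE-", "DHE-")):
            reasons.append("key exchange is not ephemeral (no forward secrecy)")
        if not any(m in cipher for m in AEAD_MARKERS):
            reasons.append("cipher is not an AEAD suite such as AES-GCM")
    if reasons:
        return "fallback", reasons
    if (version, cipher) == (PAGE_VERSION, PAGE_CIPHER):
        return "matches-page", []
    return "ok-different", [f"{version} {cipher} is not the suite the page names"]


def negotiated(host, port=443, timeout=5.0):
    """Handshake using this machine's OpenSSL and return (version, suite).

    The negotiated curve (P-256 on the page) is not checked here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    # The host comes from the command line; none is given on the page.
    version, cipher = negotiated(sys.argv[1])
    print(version, cipher, *classify(version, cipher))
```

`classify()` can also be fed the protocol and suite shown in a browser's connection-security panel, which reflects what that browser actually negotiated.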

All new staff users and passwords created within Purple Mash are subject to a strong password policy: at least 7 characters, with a number, an uppercase letter and a lowercase letter. Staff passwords are stored in the Purple Mash database hashed with the state-of-the-art Argon2 algorithm and a random salt.

All access to customer data by Purple Mash administrators is protected and secured in multiple ways.

  • Access to all Purple Mash servers and databases is secured through a VPN. Only three employees within 2Simple have access. Access can be revoked for an employee at any time.
  • Access to the Purple Mash administration site is only given to a minimal set of users.
  • All access to customer data within Purple Mash is audited. This means we have extensive logs of all attempts to view or modify customer data.

Purple Mash automatically deletes data that is no longer required. Full details of our deletion policy can be found in our data privacy and GDPR statements.

