Admin By Request is developed by FastTrack Software, which is a European company and we must therefore
abide to the EU General Data Protection Regulation - GDPR in short. To comply with Article 28 in the
General Data Protection Regulation, any European company must provide a Data Processing Agreement (DPA) between
us and any European customer. The agreement does apply to all customers around the world, which means
that all customers reap the benfits of the strict GDPR requirements towards us.
The overall purpose of Article 28 is transparancy to the customer and to describe internal
procedures in terms of security, availability and privacy when managing customer data.
Log in with your licensed or trial credentials and click the link below to get a printable agreement
between you and us. Please contact us, if you are a licensed customer and wish to get a signed copy from
an Executive of FastTrack Software.
SOC 2 is developed by the American Institute of CPAs (AICPA) and defines criteria for managing customer data based
on five "trust service principles" — security, availability, processing integrity, confidentiality and privacy.
SOC 2 and GDPR Data Processing Agreements are very similar. They both address the same procedures. The key difference
is that a GDPR Data Processing Agreement is based on the right to audit by the customer, whereas SOC 2 is a certification
by a trusted third party. GDPR and SOC 2 compliances have to be seen two-fold, which is the hosting side (Microsoft) and
the access side (FastTrack Software). Microsoft Azure is SOC 2 certified, whereas FastTrack Software is currently in the process of
SOC 2 certification. Please refer to the link below for Microsoft Azure compliances.
The service we provide to you uses a multitenancy model. Multitenany is the norm for SaaS solutions and is the model used by
all major SaaS solutions, such as SalesForce or Google Apps - and your bank. Your bank does not have a separate system for you as a customer.
Your bank uses multitenancy, which means that a set of pooled computing resources is shared among multiple customers
(tenants) using application level isolation. A tenant (e.g. your company as a customer in your bank) is a group of users who share a common
access with specific privileges to the software instance. With a multitenant architecture, the software application is designed to provide every
tenant a dedicated share of the instance - including its data, configuration, user management and individual functionality.
Please refer to the Wikipedia pages below for more deeper explanation of SaaS and Multitenancy.
Where we store your data
We use Azure SQL to store your data. We store the data in Azure SQL in Europe and California.
If you are based in USA or Canada, your data in located in California. If you are everywhere else in the
world, the data is stored in Azure SQL in Amsterdam.
How we back up your data
Data is geo replicated to the opposite Azure SQL location to ensure backup, fail-over and disaster recovery.
Microsoft backs up Azure SQL and guarantees an Azure SQL restore is possible from any
minute of the day for at least 7 days backwards. We also do a daily cold storage backup,
in case of a complete Microsoft failout.
How long we keep your data
We keep your auditlog data for 12 months by default. You can change the data retention period in your settings
from a minimum of 3 months to a maximum of 5 years.
What data the inventory collects
The inventory collects basic hardware data, operating system version, user and computer domain and OU names,
list of installed software, list of local administrator account names, list of computer and user groups and ip address.
In case of GDPR concerns, you can disable the inventory entirely or disable collection of user name, account name,
email address and phone number in the Settings menu after login.
What data is cached on the client
The client software works exactly the same off your LAN as it does on your LAN. This is possible because it caches the domain
groups and OU name of the computer and the logged on user to be able to determine sub settings.
This cache is stored encrypted on the client.
What session data we collect
When a user has completed an App Elevation or an Admin Session, the client collects computer name, duration,
installed and uninstalled software, UAC elevated programs, reason for administrator need and
user's account name and full name. If the reason screen is used, email address and phone number are also
collected, as entered by the user on the screen. You can disable collection of user name, email address and phone number
in the Privacy menu in Settings in the portal.
How we send data
The data communication between the client and our servers is through our load balancer IP 126.96.36.199 using port 443 (HTTPS).
The data itself is further encrypted using a 256 bit encryption on top of the SSL encryption to protect against
by a person who has physical access to the client using a program like Fiddler.
Service Level Agreement
The service level agreement for Azure SQL is 99.99%. In case of a failure,
geo replication will automatically fail-over to the opposite continent.
As a licensed customer, you will receive a main login from us. With this login, you can create other
logins with limited access, such as access for an auditor or a manager.
A login also grants rights to see the same data in the mobile app
For all users, you can enable two factor authentication.
We support single sign-on (SSO) for Office 365, Azure AD, ADFS, Okta and any SAML 2.0 identity provider.
We recommend you set up single sign-on, because this ensures that you terminate access to the portal,
when employees leave the company. Refer to this page
technical setup of SSO.
We use Azure web servers in multiple continents, to make sure we provide great performance
anywhere in the world and to make sure the portal is always up.
Denial of service protection
The portal is protected from distributed denial of service by Azure DDos protection.
Refer to the document below for more information:
Service Level Agreement
Our web servers are located in the same Azure Availability Set in each continent.
An Azure Availability Set is a guarantee that Microsoft will not take web servers down for
maintenance at the same time. Microsoft guarantees a 99.95% up time in each continent in this set up:
We are 100% transparent and open about how we operate the service. If your question is not answered here, feel free to contact us on the live chat or use the Contact menu to call us or send us an email.