262-299-4606 • Email us

SaaS and Compliance

Admin By Request is Software as a Service ("SaaS"). The benefit of a SaaS solution is that you do not need any infrastructure at all, which in turn means that a proof-of-concept project literally can be set up in minutes. We take care of availability and scalability for you with our hosting partner, Microsoft, to provide you with a first class customer experience. We have chosen Microsoft Azure to host your service, because it is a top 3 world service provider in terms of availability, security and compliance.

Request a free demo


Where we store your data

We use Microsoft Azure SQL to store your data in two regions - USA and Europe. We use two locations in each region using SQL replication to make sure your service is up in case of Microsoft Azure outages. If you are based anywhere outside Europe, your data is stored in the USA in the states of Virginia and Washington. If you are based in Europe, your data is stored in the Netherlands and Ireland. All our web servers are located in the same four locations for optimal performance towards you. None of your data exist in the opposite region.

Azure geo replications

Can I choose where you store my data?

Yes. If you want us to store your data in the opposite of your natural region, please let us know by the time you license.

How we back up your data

Data is real-time geo replicated between the two locations in your region to ensure backup, fail-over and disaster recovery. Microsoft backs up Azure SQL and guarantees an Azure SQL restore is possible from any minute of the day the last 30 days. We also do cold storage backup, in case of a complete irrecoverable Microsoft Azure failure on both locations in a region.

How long we keep your data

We keep your auditlog data for 12 months by default. You can change the data retention period in your settings from a minimum of 3 months to a maximum of 5 years.

Encryption at rest

We use Azure SQL transparent data encryption for all data at rest to ensure no unauthorized access to data is possible.

Encryption in transit

The data communication between the client software and our servers is using SSL encryption. The load balancer IP depends on your region:
  • (if your data is located in the USA)
  • (if your data is located in Europe)
Furthermore, the raw data is also encrypted using a 256 bit encryption to protect against Man-in-the-middle attacks by a person who has physical access to a client.

Who has access to the production environment

Only the appointed Data Protection Officer has access to the production environment. Please refer to our GDPR Data Processing Agreement for more information.

How we handle internal security

We have strict security policies in place for all our employees. Please contact us to receive a copy of our internal Information Security Policy.

What data the inventory collect

The inventory collects:
  • Basic hardware inventory data, such as computer model, cpu, ram and operating system
  • IP address
  • User and computer domain and OU names
  • User's phone number and email address (see note below)
  • List of local administrator account names
  • List of computer and user groups (AD Domain or Azure AD)
  • List of installed software
In case of GDPR concerns, you have the ability to disable the collection of user name, account name, email address and phone number in the Settings menu after login. You can also disable the entire inventory, if this is your preference.

Which data is cached on the client

The client software for domain joined computers works exactly the same off of your LAN as it does on your LAN. This is possible because the clients cache an encrypted copy of domain groups names and OU name of the computer and the logged-on user, to be able to determine sub settings both online and offline. If your computers are Azure AD joined, a similar groups cache is kept for performance reasons. If your computers are stand-alone, no data is cached.

Which session data do we collect

When a user has completed an App Elevation or an Admin Session, the client collects:
  • Computer name
  • Duration
  • Installed and uninstalled software
  • UAC elevated programs
  • Reason for administrator need (if configured)
  • User's account name and full name (if configured)
If the reason screen is used, email address and phone number are also collected, as entered by the user in the pop-up window. You can disable collection of user name, email address and phone number in the Privacy menu in Settings in the portal.

Which data diagnostics collects

In a support situation, one of our support engineers might ask the end user to invoke the About screen and click the Connectivity tab and ask the end user to click the "Submit diagnostics data" link. This will send trivial system data to us to understand the history of the endpoint software. If the end user clicks the link and confirms, the client submits:
  • Current configuration state (downloaded settings)
  • Data in queue to be uploaded
  • When the endpoint software was installed or upgraded
  • When the services of the endpoint software were started or stopped
  • Events from the local event log related to Admin By Request
This data cannot be extracted by us without the user clicking the link and is kept up to a week. Note that an end user cannot create a support ticket, only portal administrators can.

Service Level Agreement

The service level agreement for Azure SQL is 99.99%. In case of a failure, geo replication will automatically fail-over to the secondary location.



Admin By Request is developed by FastTrack Software, which is a European company and we must therefore abide to the EU General Data Protection Regulation - GDPR in short. To comply with Article 28 in the General Data Protection Regulation, any European company must provide a Data Processing Agreement (DPA) between us and any European customer. The agreement does apply to all customers around the world, which means that all customers reap the benefits of the GDPR requirements towards us. The overall purpose of Article 28 is transparency to the customer and to describe internal procedures in terms of security, availability and privacy when managing customer data. Log in with your credentials and click the link below to get a printable agreement between you and us. Please contact us, if you are a licensed customer and wish to get a signed copy from an Executive of FastTrack Software.


SOC 2 is developed by the American Institute of CPAs (AICPA) and defines the criteria for managing customer data based on five "trust service principles":
  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy
SOC 2 and GDPR Data Processing Agreements are very similar and they both address the same procedures. The key difference is that a GDPR Data Processing Agreement is based on the right to audit by the customer, whereas SOC 2 is a certification by a trusted third party. GDPR and SOC 2 compliances have to be seen two-fold, which is the hosting side (Microsoft) and the access side (FastTrack Software). Microsoft Azure is SOC 2 certified, whereas FastTrack Software is currently reviewing SOC 2 certification. Please refer to the link below for Microsoft Azure compliances.


The service we provide to you uses a multitenancy model. Multitenancy is the norm for SaaS solutions and is the model used by all major SaaS solutions, such as SalesForce or Google Apps – and also your bank. Your bank does not have a separate system for you as a customer, instead your bank uses multitenancy, which means that a set of pooled computing resources is shared among multiple customers (tenants) using application level isolation. A tenant (e.g. your company as a customer in your bank) is a group of users who share a common access with specific privileges to the software instance. With a multitenant architecture, the software application is designed to provide every tenant a dedicated share of the instance - including its data, configuration, user management and individual functionality. Please refer to the Microsoft tenancy design pattern page below for more deeper explanation of SaaS and Multitenancy.



At the time of licensing, you will receive a main login. With this login, you can create multiple logins with limited access, such as access for an auditor or a manager. A login also grants rights to see the same data in the mobile app. For all users, you can enable two factor authentication and single sign-on. If you received an NFR license for a proof-of-concept project, and you later choose to license, this tenant instance will automatically roll to be your commercially licensed tenant.

Single sign-on

We support single sign-on (SSO) for Office 365, Azure AD, ADFS, Okta and any SAML 2.0 identity provider. We recommend that you set up single sign-on, because this ensures that you terminate access to the portal when employees leave the company. Refer to this page for technical setup of SSO.


We use Azure web servers in multiple continents in order to make sure we provide great performance anywhere in the world and that the portal is always up.

Azure fail over

Denial of Service Protection

The portal is protected from Distributed Denial of Service by Azure DDos protection. Refer to the document below for more information: Azure DDoc protection

Service Level Agreement

Our web servers are located in the same Azure Availability Set in each continent. An Azure Availability Set is a guarantee that Microsoft will not take web servers down for maintenance at the same time. Microsoft guarantees a 99.95% up time in each continent in this set up:


We are 100% transparent and open about how we operate the service. If your question is not answered here, feel free to contact us on the live chat or use the Contact menu to call us or send us an email.