Available in: Axsy Field Service, Axsy Public Sector, Axsy Retail Execution, Axsy Mobile for Salesforce

Data Protection

Salesforce System of Record

The system of record for all customer data is the Salesforce platform. Axsy personnel have no access to customer data on the Salesforce platform or in the Axsy mobile apps and cannot control, store or process customer data on any Axsy platform or system.

Customer data stored on the Salesforce platform is protected by Salesforce's own privacy and security measures, click here for more details.

As stated above, Axsy has no access to customer data on the Salesforce platform, the remainder of this article therefore addresses data security between the Axsy mobile app and Salesforce and the Axsy mobile app itself.

Data Communications Between the Axsy Mobile App and Salesforce

All over the air (OTA) communications between the Axsy mobile app and the Salesforce platform is via SSL / TLS v1.2 encryption.

Axsy Mobile App Data Encryption

The Axsy mobile app, as part of its offline first architecture, synchronises data required to work offline to the mobile app and stores this data locally. 

Data Stored Locally in the Axsy Mobile App

Data synchronised to the Axsy mobile app is stored in a local encrypted database which is protected by an AES-256 bit key.

AES Key Generation and Rotation

The Axsy mobile apps generate their own AES-256 bit keys locally when the user logs in, keys are unique per user per login.

The AES key is erased and all the database information it protects is erased when the user logs out.

AES Key Protection

During the lifespan of the AES key, the key is protected by mobile device native secure storage capabilities (e.g., iOS Keychain, Android Keystore).

Axsy Mobile App Security Policies

The Axsy mobile app detects various security threats conditions, including:

  1. Jailbroken devices
  2. App running as an emulator
  3. App running in a debug environment.
  4. Presence of reverse engineering tools

The Axsy mobile app will shut down immediately in the event of a security threat being detected.

Axsy Mobile App Code Obfuscation

The Axsy mobile app is code obfuscated, so the mobile app is unintelligible to a hacker whilst remaining fully functional.