Security and data protection is at the core of what we do
We take our data responsibilities incredibly seriously and go to great lengths to ensure the safety and security of all guest data.
Security and compliance
Our security and data protection processes are based on and aligned with global standards that ensure the highest grade of security is met and exceeded.
Privacy policy
Our Privacy Policy honours GDPR and UK-GDPR. Superhog is registered with the ICO under registration number ZA518818.
Data transfer
We never sell or pass on user data for any other type of gain to any third-party. We provide you with secure methods to delete data in accordance with privacy regulations.
Privacy impact
We continuously evaluate the impact of our activities on data privacy to ensure that we collect the minimum data needed.
Security protocols
Data encryption
All web traffic through Superhog is encrypted via HTTPS and TLS 1.2. Data in our database is encrypted using AES-256 encryption and is FIPS 140-2 compliant. Decryption keys are stored separately and rotated on a regular basis.
Third-party audits
In addition to our extensive internal testing program, we employ third-party experts to perform penetration testing annually as standard, and additionally after any significant changes to our technical infrastructure.
Employee checks
All Superhog employees undergo background checks, including checks for any historical involvement with fraudulent or criminal activity, and are subject to ongoing spontaneous background checks throughout their employment.
Data handling
The processing of data by Superhog is deliberately very tightly constrained by technology in order to limit the vulnerability of our system to human error and deliberate malevolent activity.
Limited access
Access to the encrypted sensitive documentation which is stored on Superhog is limited, with all access system logged and frequently monitored, to ensure that no data is compromised.
Continuous scanning
We maintain a comprehensive vulnerability management program which includes regular scanning, identification, and remediation of security vulnerabilities in our infrastructure and applications.