How we keep your data secure

We capture the personal details, sentiments and opinions of thousands of people every day, so data security is always at the forefront of our minds and takes the highest priority.

Our server and software are tested and updated regularly to ensure that they can withstand the most sophisticated cyber attacks and intrusions, whilst ensuring that they store personal data safely and securely on behalf of our customers.

The measures listed below are just some of the things we have done to maximise security and minimise risk. If you have any questions about data security, please contact us at hello@participatr.co.uk


Responsible personal data management

Personal data, including email addresses and postal addresses, is redacted on the digital platform front end. Only selected users with 'project leader' permissions have access to personal data, to minimise risk of accidental or purposeful data breaches.

We delete personal data from our server and cloud storage (located in the UK/EU/EEA) as soon as it is no longer required (3 months after the subscription ends). Data exported from our system by authenticated users is passcode-protected and encrypted, meaning that it remains protected in the event that it falls into the wrong hands.

Where we’re storing email addresses to send email updates through our system, only those that have ‘opted-in’ will be contacted, with safeguards in place to ensure those that haven’t opted-in are filtered out of mailing lists systematically.

Our digital platforms use cookies for no purpose other than creating a user session when a participant visits (not, for example, marketing), and this is limited to the ‘strictly necessary’ PHPSESSID cookie. That means our digital platform collects no data beyond what is required for participants to have their say effectively.

Participatr Limited is registered with the Information Commissioner's Office. More details about how we process and handle personal data can be found in our Privacy and cookie policy.

Secure web server

We own and operate a standalone server that isn’t shared with any other organisations or web services, meaning we have complete control over its operation and security. It sits in our office in Bristol, UK, behind three locked doors, and we have 24/7/365 access to the hardware and software when we need it.

Our server is designed with security in mind, providing no clues to hackers as to how it operates and what software it uses (non-verbose error messages).

The server's database also uses data encryption at rest (using the AES-CTR cipher), meaning that no data can be leaked in the unlikely event of a physical hardware breach, attack or theft. The ModSecurity2 web application firewall guards against malicious automated attacks on our public web pages and password-protected 'dashboard' area. It uses the OWASP (Open Web Application Security Project) Core Rule Set, which automatically protects our system against the most common and up-to-date attack techniques. Furthermore, inline and daily scheduled virus scanning provides protection against trojan horse attacks.

Server software is updated daily to minimise security risks, and databases and files are backed up daily to cloud storage located in the UK/EU/EEA, ensuring that we have legal control over how that data is processed and stored.

We can access our server administrative panel remotely, anywhere in the world, so it is protected with Multi-Factor Authentication (MFA) to ensure only members of our team can access it.

Secure database management

All form inputs are processed and added to our database using PHP Prepared Statements, and data is sanitised by HTML Purifier. This means that attackers can’t ‘inject’ malicious code into our system through a web form to access information in our database that they shouldn’t be able to reach, and that the system is protected from Reflected XSS attacks, where malicious scripts are input and inadvertently run by legitimate system users.

Data is validated and ‘sanitised’ where possible, such as email addresses, postal addresses and postcodes.
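The two measures above, as an added illustration that is not Participatr's own code: the platform is written in PHP, but the same pattern is shown here in Python with the standard sqlite3 module, which supports parameter binding in the same way as PHP prepared statements. The comments table, its column names and the sample rows are constructed for this example. In place of HTML Purifier's allow-list sanitisation, the example uses plain output escaping (html.escape) to show why stored text must never reach the page as markup; that is a swapped-in technique, not the one the page names.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a comments table (names are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO comments (author, body) VALUES (?, ?)",
        [("o'brien", "More cycle lanes please"), ("bob", "Keep the park as it is")],
    )
    return conn


def find_comments_unsafe(conn: sqlite3.Connection, author: str) -> list:
    """The pattern prepared statements replace: the input becomes part of the SQL text,
    so it can alter the query's structure instead of being compared as a value."""
    sql = f"SELECT author, body FROM comments WHERE author = '{author}'"
    return conn.execute(sql).fetchall()


def find_comments_safe(conn: sqlite3.Connection, author: str) -> list:
    """Prepared statement: the SQL text is fixed and the value is bound as a parameter,
    so whatever the input contains is only ever compared as data."""
    sql = "SELECT author, body FROM comments WHERE author = ?"
    return conn.execute(sql, (author,)).fetchall()


def unsafe_query_fails(conn: sqlite3.Connection, author: str) -> bool:
    """True when the string-built query cannot even handle the input as plain text
    (an apostrophe in a legitimate name is enough to break it)."""
    try:
        find_comments_unsafe(conn, author)
        return False
    except sqlite3.OperationalError:
        return True


def render_comment(author: str, body: str) -> str:
    """Output encoding: stored text is shown as text, never interpreted as markup."""
    return f"<li><b>{html.escape(author)}</b>: {html.escape(body)}</li>"


if __name__ == "__main__":
    db = make_db()
    print(find_comments_safe(db, "o'brien"))
    print("string-built query breaks on a quote:", unsafe_query_fails(db, "o'brien"))
    print(render_comment("bob", "<b>bold</b> & more"))
```

The safe query returns the row for o'brien correctly while the string-built query raises a syntax error on the same input; that failure is the same root cause (input interpreted as SQL) that injection exploits, which is why the page's use of prepared statements removes the whole class of bug rather than filtering particular inputs.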

Secure encryption and connection

HTTP Strict Transport Security (HSTS) is enabled to enforce HTTPS encryption and security for all connections to and from our server, meaning that no one can choose to access your digital platform and submit personal data over an unencrypted connection.

Our security certificates are renewed every 3 months and issued by a recognised Certificate Authority, ensuring that they are robust and secure.

The TLS 1.2 cryptographic protocol (or above) is enforced for all connections, and we use the strongest possible cipher suite.

XSS protection is enforced to prevent cross-site scripting attacks, and dashboard user sessions automatically time out after 15 minutes.

Secure password protection

For every project, users have access to the project team dashboard - this provides real-time feedback analytics, website visitor statistics, a range of content management tools and a range of communication tools to manage the engagement process and participant data.

This interface is password protected, with several security measures in place to prevent unauthorised access. The system uses Multi-Factor Authentication (MFA) by time-based one-time passcode (TOTP), where users are asked to input a 6 digit code received by email within 60 seconds of receiving it. This both protects against unauthorised attacks by outside users (even if they obtain the correct password) and against unauthorised access by historically legitimate users who have moved on from an organisation in the project team and no longer have a legal right to access or process the data, as access to our system requires access to their organisational email.

User lock-out occurs after 5 incorrect password attempts, and a Participatr administrator must reset the login account manually in order to restore access. The unsuccessful login attempt count is stored server side (rather than client side) to ensure that malicious attackers cannot reset the unsuccessful password attempt count unilaterally.

Strong password complexity is enforced (and the policy is not revealed to unauthenticated users). Passwords are stored in hashed format; users are forced to change the initial password supplied by the administrator before they first log in, and to change to a previously unused password every 90 days.
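The three controls described above (emailed 6-digit TOTP valid for 60 seconds, server-side lock-out after 5 failed attempts with a manual administrator reset, and hashed password storage), as an added example that is not Participatr's own code. It is written in Python rather than the platform's PHP, keeps its account state in memory instead of a database, and uses PBKDF2-HMAC-SHA256 with an assumed work factor, since the page only states that passwords are hashed. The TOTP routine follows RFC 6238 (HMAC-SHA1 with dynamic truncation) and is checked against the RFC's published test vector; the user names, secrets and passwords are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import struct
from typing import Optional

# Policy values taken from the page; the work factor is an assumption of this example.
LOCKOUT_THRESHOLD = 5      # account locks after 5 incorrect attempts
TOTP_STEP_SECONDS = 60     # emailed code is valid for 60 seconds
TOTP_DIGITS = 6
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; the stored string never contains the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()


def verify_password(password: str, stored: str) -> bool:
    salt_b64, digest_b64 = stored.split("$", 1)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), base64.b64decode(salt_b64), PBKDF2_ROUNDS)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def totp(secret: bytes, at: int, step: int = TOTP_STEP_SECONDS, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for the time step containing `at`."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the current step and up to `window` previous steps, so a code emailed just
    before a step boundary is still usable; older codes and future steps are rejected."""
    for drift in range(-window, 1):
        if hmac.compare_digest(totp(secret, at + drift * TOTP_STEP_SECONDS), code):
            return True
    return False


class LoginService:
    """Server-side account state: the failure counter lives here, never in a cookie."""

    def __init__(self) -> None:
        self.accounts = {}

    def add_user(self, username: str, password: str, totp_secret: bytes) -> None:
        self.accounts[username] = {"hash": hash_password(password), "secret": totp_secret,
                                   "failures": 0, "locked": False}

    def login(self, username: str, password: str, code: str, now: int) -> str:
        account = self.accounts.get(username)
        if account is None:
            return "denied"              # same answer as a wrong password: no user enumeration
        if account["locked"]:
            return "locked"
        if not verify_password(password, account["hash"]):
            return self._record_failure(account)
        if not verify_totp(account["secret"], code, now):
            return self._record_failure(account)   # a correct password alone never grants access
        account["failures"] = 0
        return "ok"

    def _record_failure(self, account: dict) -> str:
        account["failures"] += 1
        if account["failures"] >= LOCKOUT_THRESHOLD:
            account["locked"] = True
            return "locked"
        return "denied"

    def admin_unlock(self, username: str) -> None:
        """Only an administrator clears the lock, matching the manual reset described above."""
        self.accounts[username]["failures"] = 0
        self.accounts[username]["locked"] = False


if __name__ == "__main__":
    svc = LoginService()
    secret = b"constructed-example-secret"          # constructed; a real secret is random per user
    svc.add_user("project.leader", "correct horse battery", secret)
    print(svc.login("project.leader", "correct horse battery", totp(secret, 1000), 1000))
```

Because the counter and the lock flag live in the service's own state, a client that discards its cookies or retries from a fresh session still sees the same count; the only way back in after the fifth failure is the administrator's explicit unlock.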

The dashboard login is also protected by Captcha verification, further preventing automated attacks.

Captcha protected

All public (not password protected) forms where users can input information are Captcha protected, preventing automated responses and malicious attacks. The only exception to this is where a user has already participated, started a user session, passed Captcha verification and is making another interaction (for example, where they are adding more than one comment to an issues and ideas map).

Whilst we understand Captcha verification can be irritating or annoying for some users, it is a vital step to keep data secure and prevent automated responses, upholding the robustness of the public participation consultation processes that our digital platforms facilitate.

Rate limiting and intrusion detection

Our server includes a module (mod_evasive) to implement rate limiting and generate alerts if someone or something attempts to break into our system with repeated force.

Fail2Ban is installed to shut out malicious users and alert administrators when an attack is taking place.

Secure software development

We use an offline development and testing environment, which is not exposed to the web. That means only tested systems are rolled out for public and customer access.

Penetration tested

Our server and software platform have been penetration tested by a CHECK approved practitioner.

Strong incident response plan

If a digital platform is the subject of a cyber attack, our systems incident plan is as follows:

  • The customer is notified immediately (with P1 status as set out in Our service level commitment)
  • Dashboard credentials are revoked immediately for all users
  • The virtual server for the digital platform in question is removed until the security of the Participatr server and digital platform database containing project-related data is verified
  • The project data held in our database is audited against the latest daily backup to identify any discrepancies with the daily backup restored, if required
  • The server system log is audited for attack activity
  • We will then report back to the customer and restore the virtual server and dashboard credentials upon approval