Security Information Overview
What is Sumday?
Sumday is a cloud-based accounting platform for accounting and reporting on carbon emissions. With Sumday, users import financial transaction data and other activity data before performing an accounting process to determine their carbon footprint. Advisors use Sumday to provide carbon accounting services to their clients. Advisors can manage their clients' subscriptions, or clients can subscribe directly.
What data does Sumday store?
- When setting up an account with Sumday, users provide personal information such as their email address and full name.
- While using Sumday, users can import their financial transaction data via CSV or a Xero integration. Users can also input activity data and upload any documents to the library. To see exactly what most users import, read about this step here.
- Most Sumday customers will store their financial transactions (including suppliers, total, description and account name), activity data (such as litres of fuel used or kWh of electricity consumed) and the emails of their suppliers.
Who owns the data uploaded to Sumday?
You own your customer data! You decide what gets uploaded and we only store this data for the purposes of performing the services you’ve signed up to Sumday for - the accounting.
For a full summary of data security, read through the comprehensive Data Security and Privacy summary.
What happens to data if the subscription is cancelled?
You can export your customer data before you cancel your subscription.
You can also request that all data be deleted; we will only retain data to meet legislative requirements.
Is Sumday compliant with ISO27001, SOC 2 Type II and GDPR?
Yes! Sumday complies with industry best practice in relation to data and security. We take this very, very seriously. Sumday is ISO27001, SOC 2 Type II, EU GDPR and UK GDPR compliant.
Where do you host customer data?
Sumday is hosted on Microsoft Azure, with ISO 27001 / SSAE 18 compliant data centres located in several major Azure regions globally. Our servers are hosted in data centres located in Australia. You can request that your data is hosted in another region that meets your requirements by contacting us.
What password protections are in place?
- Sumday enforces multi-factor authentication for every user. On top of entering a username and password, users must verify they are who they say they are through a verification app.
- Enterprise users can also request to configure an SSO integration with Auth0, Azure Active Directory, Okta, Google Cloud Identity or any other identity provider that supports OpenID Connect. Enterprise customers also have the ability to enforce SSO for all users in the workspace and disable other login methods.
Can you fill out security assessments for our company to approve the use of Sumday?
Of course! We understand organisations have vendor risk management processes in place. We want to work collaboratively with the people in your organisation tasked with ensuring every application you use keeps your data safe and secure. You can send these forms to support@sumday.io and a key data security and privacy contact will be allocated to your company for any ongoing questions.