Countrywide Legacy Security Policy

Countrywide Legacy is committed to maintaining the highest operational standards with our systems and processes to protect data. Multiple layers of security controls protect access to data, including physical and network security, firewalls and intrusion protection systems.


Encryption of Data

All data is encrypted to and from the server (which is held in the UK) and sensitive data is encrypted on the secure server. Sensitive data stored locally on a user's machine is also encrypted.

If a machine was to be lost or stolen, client data could not be accessed on this as all data is stored on a secure server, and the software copy itself is password protected. Client data can be restored to a new machine if applicable.


Data Retention

All data is held on the secure server. We reserve the right to retain data for as long as is required thereafter where we believe it is in our legitimate interests to do so. Client data will remain on the secure server indefinitely for legal reasons.

You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.


Data Access

Countrywide Legacy maintains administration accounts on the service restricted to application health monitoring and performing system or application maintenance. Only authorised personnel have access to data which is strictly limited to essential personnel only.


Third Party Penetration Tests

We will use third party penetration testing to ensure that an independent company has examined the security of our APIs, website and secure server.


Security Features

We use a variety of tools and techniques to protect against security vulnerabilities. We use the latest Microsoft web development technology to limit any possible security attacks.

The secure server and software has been designed to stop the ability to access any client data other than your own. This will be verified by the third party penetration testing. All passwords are stored on the secure server in hash triple format.

Countrywide Legacy continuously monitors event logs, notifications, and alerts from all systems to identify and manage threats.