Your security

Your security and privacy come first in everything we do

  • Data is encrypted while in transit
  • Your personal information is only available to clients if you apply for work
  • Information is stored in a separate access-controlled database, away from the main application

Encryption keeps your data private while in transit

Encryption brings a higher level of security and privacy to our services. When you interact with our website we protect your in-flight data with multiple layers of security, including leading encryption technology like HTTPS and Transport Layer Security.

SSL Security

  • We use an Extended Validation SSL Certificate
  • This offers the highest available levels of trust and authentication to our site
  • 2048-bit SHA2 & ECC Encryption
  • Proof is in the green lock in your browser address bar; click on our name to see details

Data Center Security Assessments and Compliance

Physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Penetration Testing and Vulnerability Assessments

NoSweat utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

Network Security

Firewalls

  • Firewalls are utilized to restrict access to systems from external networks and between systems internally.
  • By default, all access is denied and only explicitly allowed ports and protocols are allowed based on business need.
  • Host-based firewalls restrict applications from establishing localhost connections over the loopback network interface to further isolate the application.
  • Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed.

DDoS Mitigation

  • Our infrastructure provides DDoS mitigation techniques, including TCP SYN cookies and connection rate limiting, in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth.
  • We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.

Spoofing and Sniffing Protections

  • Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible.
  • Packet sniffing is prevented by the infrastructure, including the hypervisor, which will not deliver traffic to an interface it is not addressed to.
  • NoSweat utilizes operating system restrictions and encrypted connections to further ensure risk is mitigated at all levels.

Port Scanning

  • Port scanning is prohibited and every reported instance is investigated by our infrastructure provider.
  • When port scans are detected, they are stopped and access is blocked.

Data Security

PI Data is encrypted when saved to the database using Symmetric Encryption

  • Symmetric Encryption uses OpenSSL to encrypt and decrypt data.
  • Symmetric encryption keys are externalized so that they are not in the source code or the source code control system.
  • For maximum security, keys and initialization vectors are randomized and drawn from the entire encryption key space.
  • A new initialization vector (IV) is generated with every encrypted value.
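
The properties listed above, sketched with Ruby's standard OpenSSL bindings as an added example; it is not NoSweat's code. The cipher (AES-256-GCM), the `PI_DATA_KEY` variable name and the `FieldCrypto` module are assumptions, since the page names none of them.

```ruby
require "openssl"
require "base64"

# Field-level encryption sketch. The cipher choice and every name below are
# assumptions made for illustration; the page does not specify them.
module FieldCrypto
  CIPHER  = "aes-256-gcm"
  IV_LEN  = 12 # GCM nonce length in bytes
  TAG_LEN = 16 # GCM authentication tag length in bytes

  # The key lives outside the source tree: read it (base64, 32 bytes) from the
  # environment and fail closed if it is missing or the wrong size.
  def self.load_key(env = ENV, name = "PI_DATA_KEY")
    raw = env.fetch(name) { raise KeyError, "#{name} is not set" }
    key = Base64.strict_decode64(raw)
    raise ArgumentError, "key must be 32 bytes" unless key.bytesize == 32
    key
  end

  # Encrypts one value. A fresh random IV is generated per call, so equal
  # plaintexts never produce equal ciphertexts. Output: base64(iv | tag | ct).
  def self.encrypt(key, plaintext)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = ""
    body = plaintext.empty? ? "".b : cipher.update(plaintext)
    body += cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + body)
  end

  # Decrypts one value; raises OpenSSL::Cipher::CipherError if the stored
  # blob was modified or the wrong key is used.
  def self.decrypt(key, token)
    blob = Base64.strict_decode64(token)
    iv  = blob[0, IV_LEN]
    tag = blob[IV_LEN, TAG_LEN]
    ct  = blob[(IV_LEN + TAG_LEN)..-1]
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = ""
    body = ct.empty? ? "".b : cipher.update(ct)
    (body + cipher.final).force_encoding("UTF-8")
  end
end
```

Storing the IV and tag alongside each ciphertext is what allows a new IV per value without any extra column or lookup.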

Data Processing - Protection Of Personal Information Act, 2013

NoSweat needs to process your personal information in order to establish an agreement between the candidate and the client. NoSweat also requires specific information to supply to SARS for PAYE obligations.

Protection Of Personal Information Act, 2013 - Section 11

  • (1) (a) You cannot register on the NoSweat website if you are not over 18 years of age. See clause 14.2 of the NoSweat Freelancer Terms and Conditions.
  • (1) (b) Processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party.
  • (1) (c) Processing complies with an obligation imposed by law on the responsible party.
  • (2) (a) It is also understood that you agree to the NoSweat Freelancer Terms and Conditions, specifically clause 16.2.
  • (2) (b) You may at any time delete your profile which permanently removes all your data from the NoSweat system. We do retain financial transactions as required by law.

Protection Of Personal Information Act, 2013 - Section 12

  • (1) All data is collected directly from the candidates. NoSweat does not make any changes to candidates' profiles.

Protection Of Personal Information Act, 2013 - Section 19

  • NoSweat takes appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of personal information; and unlawful access to or processing of personal information.
  • This is achieved by the measures described on this page.

Further information

If you have more questions on the topic of your data security, please follow these guidelines:

  • Direct written correspondence to jobguy@nosweatwork.com
  • Outline your exact points of concern not already covered on this page.
  • NoSweat will respond in writing within 21 working days.

Still not comfortable?

If you are not convinced that we are doing all we can to protect your information, your best bet is to remove your account from our system.

NoSweat Work is a freelance and permanent placement and engagement management platform.

We help clients find freelance or full-time staff. After placement we manage the engagement from start to finish for the best outcome for both client and freelancer.

South Africa

NoSweat Work Media cc

Reg No: 2009 / 090625 / 23

Unit 30, Illovo Mansions, 5 Corlett Drive, Illovo, Johannesburg, South Africa, 2196

The Netherlands

No Sweat Work Media B.V.

KvK-nummer: 71705481

Postbus 125, 1700 AA, Heerhugowaard, The Netherlands, Europe

Celsiusstraat 32, 1704 RW, Heerhugowaard, The Netherlands, Europe

Copyright 2009 - 2018 NoSweat Work Media cc
All Rights Reserved