Our commitment to security

Credentials managed properly

We never hardcode credentials or store them in our application database. All secrets are stored securely in a dedicated secrets manager, reducing exposure and ensuring controlled access.

Data minimisation

Support Fusion only transmits the information required to sync tickets, alerts, and assets. We use record IDs and metadata rather than raw ticket data. This reduces the amount of sensitive information in motion.

Secure payments

Payment information never touches our systems. Stripe and Chargebee handle all processing, with tokenisation used to reference transactions. This ensures cardholder data is kept out of our environment entirely.

SDLC and testing

Our engineering process follows a structured software development lifecycle. Promotion gates and automated testing catch issues early, ensuring that only validated code moves into production.

Independent checks

We run static code analysis and regular penetration tests to identify and address vulnerabilities. Security isn’t a one-off exercise - it’s an ongoing commitment.

You're always in control

Each organisation manages its own API keys and permissions. Access is never shared or centralised, giving MSPs and enterprises the ability to review or revoke credentials at any time.

Encryption

All data is encrypted in transit with TLS and at rest in storage. This ensures information cannot be intercepted or read without authorisation.

Segregation

Different data types are kept separate. Credentials sit in a secrets manager, ticket metadata is stored apart from application data, and logs are isolated again. Separation reduces risk of cross-exposure.

Monitoring

We continuously monitor for unusual activity and keep detailed logs of system events. This enables quick investigation, early detection, and full traceability of data access.