The Technology and Security Behind SalesCandy™

SalesCandy’s backend is designed to be highly secured and scalable. It is built with the vision of rapid rollout to different countries in mind.
In order for SalesCandy™ to deal with personal data responsibly, all of its web services are run on HTTPS using SSL certificate with 256-bit SHA and RSA encryption to ensure that the data is encrypted between the mobile app, web browsers, and the server. Sensitive data on the Android mobile application is encrypted using SQLCipher to safeguard against data theft in the event of lost mobile devices.


To fence off common web exploits like SQL injection and cross-site scripting, all SalesCandy™ traffic first goes through Amazon Web Services (AWS) Web Application Firewall (WAF) before hitting the AWS Application Load Balancer.  All traffic is handled by AWS Elastic Compute Cloud (EC2) instances.  We have designed and configured the EC2 to automatically scale up and down according to the traffic, which allows our clients to run large scale lead generation campaigns without having to first inform us. Our system is designed and tested to handle more than 1,000 leads per second. The system is also designed with high redundancy in place, which means that not a single lead will be missed when traffic is unexpectedly high or even during system maintenance.
We use AWS Relational Database Service (RDS) for our database, as it is fully managed by AWS in terms of maintenance and backup.  It too can be easily scaled up and down as the need arises.
Data and files outside of the database are stored on Simple Storage Service (S3) and are automatically pushed to CloudFront Content Delivery Network (CDN) for faster loading speed.
To reduce the risk of unauthorised user access to the system and data, One-Time Pin (OTP) for registered mobile phone numbers is used to verify salespeople’s and sales managers’ login.
We categorise our data into Personal Identifiable Data (PID) and Non-Personal Identifiable Data (NPID).  Only our clients and our Chief Technology Officer have access to PID like names, phone numbers and email addresses of the leads.  If the clients need us to troubleshoot their accounts, they need to explicitly grant our support team the access to the accounts.  While NPID data like response time, talk time, lead source, etc, will be used as big data to further improve the system and design.
Our Systems Admin team at SalesCandy has more than 7 years of actual experience in AWS and has been exploring all different services available in AWS.  We built SalesCandy™ with the future in mind in terms of security and scalability so that our clients will not have to worry about the system as they grow their businesses.