Security

Architecture

Franklin is hosted within a dedicated UK environment and links out to external systems you host via secure connections encrypted with SSL.

Franklin - Architecture diagram

Technologies

.NET

The Franklin API, UI and CMS are built on .NET Core – an open source software framework developed by Microsoft and used in millions of software applications since its launch in 2002.

The Franklin CMS is built on .NET Framework. Passwords for CMS and Frontend Membership are hashed with HMACSHA256 using a 128-bit salt. Accounts are locked after 10 incorrect login attempts, and sessions time out after 20 minutes of inactivity.

REST API

The Franklin API sits between the Franklin UI and CMS (used by both subscribers and tenants) and the housing systems connected to Franklin via connectors. We use it to transfer data from your housing systems to the tenant-facing front end using REST API standards.

OAuth 2.0

OAuth is an industry standard authorisation protocol used by major technology companies like Amazon, Facebook, Microsoft, Google and Twitter. OAuth provides secure, delegated access between the Franklin portal, API and your third-party systems linked via connectors without sharing credentials.

Microsoft Azure

Franklin is hosted entirely in a Microsoft Azure environment. We use UK-based Azure VMs for the Franklin API, OAuth, Portal frontend and CMS, and Azure SQL databases for storage of information.

SSL / HTTPS

The entire Franklin system runs on HTTPS, facilitated by Comodo 2,048-bit Industry Standard SSL certificates which provide 128/256-bit encryption of data as it passes through the API and up to the web browser to be accessed by tenants.

Data storage

Franklin stores the minimum data required to allow the system to function. For every tenant who registers, the following personal data is stored within the CMS database:

  • The details they used to register (defined by you, via the CMS)
  • Their password – hashed with HMACSHA256 using a 128-bit salt (neither we nor you can access this)
  • A date stamped record of their data consent preferences (if you’re using the tool)
  • Date of last login and password change
  • A list of member groups they’re assigned to

Membership information cannot be exported from the CMS but members can be deleted, which purges their record entirely from the database.

It’s possible to limit which CMS users can see the membership section too, for security purposes. The Franklin team have an administrator account which would grant access to this section, but access to that account is strictly limited and audited.

Data storage for the CSV tool

When you import the data via the CSV tool, your data is added to an Azure SQL Database until you re-upload the data – at which point the previously uploaded data is overwritten.

Data storage with integrations

If you’re using Franklin with an integration into one or more of your internal housing systems, the data transmitted via the integration is temporarily cached in memory but not stored or retained within the Franklin environment. In short – the more of your data accessed via an integration, the less is stored within Franklin’s Azure SQL databases.
