Last updated: 24 June 2021
- Encryption: we encrypt all data at rest in both our database and file storage.
- Cloud Infrastructure: we run 100% in the cloud, within a virtual private network that nobody can access through the public Internet, except via our public-facing content delivery network.
- TLS/SSL: we use HTTPS/TLS everywhere. There are no exceptions to this rule.
- Vulnerability management: we use automated vulnerability monitoring to ensure that we’re up-to-date with latest security vulnerabilities and practices.
- Login security: we protect against brute force attacks with rate limiting technology. All passwords are cryptographically hashed and salted before being stored in our database.
- Best practices: we stay up-to-date with industry-leading security practices.
- Development environments: we separate development and QA environments from production. We don’t use customer data in these scenarios.
- Code review: senior staff reviews all production code.
- Thorough testing: we run an extensive test suite across every single change.
- Responsible incident management: we will notify you within 72 hours of learning about a data breach.
If you have any questions regarding security at Calibre, we’re here to help. Contact us at firstname.lastname@example.org.