Our security practices, policies and procedures


  • TLS/SSL. We use HTTPS/TLS everywhere. There are no exceptions to this rule.
  • Encryption. All data is encrypted at rest in both our database and file storage.
  • Cloud Infrastructure. We run 100% on the cloud, within a virtual private network that cannot be accessed via the public internet, except via our public facing content delivery network.
  • Best Practices. We stay up to date with industry leading security practices and exploits.
  • Responsible. We will notify you within 72 hours of learning about a data breach.

Application Security

  • Vulnerabilities. We use automated vulnerability monitoring to ensure that we’re patched and up to date with the latest security vulnerabilities and practices.
  • Review. All production code is reviewed by senior staff.
  • Development & QA. These environments are seperated from production. No customer data is used in these environments.
  • Logins. We protect against brute force attacks with rate limiting technology. All passwords are cryptographically hashed and salted before being stored in our database.
  • Testing. Our extensive test suite is run across every change.

Contact Us

If you’ve any questions regarding our security practices, please email our dedicated security address,