Security


At Calibre, the privacy and security of our user’s data are critical. We’re committed to full transparency on our practices and precautions to keep your information secure.

Platform

  • Encryption: we encrypt all data at rest in both our database and file storage.
  • Cloud Infrastructure: we run 100% in the cloud, within a virtual private network that nobody can access through the public Internet, except via our public-facing content delivery network.
  • TLS/SSL: we use HTTPS/TLS everywhere. There are no exceptions to this rule.

Application

  • Vulnerability management: we use automated vulnerability monitoring to ensure that we’re up-to-date with latest security vulnerabilities and practices.
  • Login security: we protect against brute force attacks with rate limiting technology. All passwords are cryptographically hashed and salted before being stored in our database.

Engineering practices

  • Best practices: we stay up-to-date with industry-leading security practices.
  • Development environments: we separate development and QA environments from production. We don’t use customer data in these scenarios.
  • Code review: senior staff reviews all production code.
  • Thorough testing: we run an extensive test suite across every single change.
  • Responsible incident management: we will notify you within 72 hours of learning about a data breach.

Questions about security?