Our security practices, policies and procedures
- TLS/SSL. We use HTTPS/TLS everywhere. There are no exceptions to this rule.
- Encryption. All data is encrypted at rest in both our database and file storage.
- Cloud Infrastructure. We run 100% on the cloud, within a virtual private network that cannot be accessed via the public internet, except via our public facing content delivery network.
- Best Practices. We stay up to date with industry leading security practices and exploits.
- Responsible. We will notify you within 72 hours of learning about a data breach.
- Vulnerabilities. We use automated vulnerability monitoring to ensure that we’re patched and up to date with the latest security vulnerabilities and practices.
- Review. All production code is reviewed by senior staff.
- Development & QA. These environments are seperated from production. No customer data is used in these environments.
- Logins. We protect against brute force attacks with rate limiting technology. All passwords are cryptographically hashed and salted before being stored in our database.
- Testing. Our extensive test suite is run across every change.