We work tirelessly to keep your data as secure as possible. We implement the following procedures/best practices to the best of our abilities and constantly looking to improve our security:
- We leverage cloud firewall security to protect against external threats, DDOS attacks (see Cloudflare below)
- Our servers are managed by a best of class security vendor (see DigitalOcean below)
- All sensitive data is stored at rest using bank level encryption (AES 256 GCM)
- Passwords are one way hashed (can't be decrypted) and require email verification to update
- Configuration keys/passwords for production environment are not stored in any public/private repositories, and only maintained by very limited group of senior employee(s).
- Database is locked down by firewall with extremely strict access
- Servers have no root access
- Server and codebase libraries are kept up to date as security holes are discovered (if any)
- Database has no SSH direct access and managed by top level secure 3rd party (see DigitalOcean below)
- All servers require HTTPS access only. TLS 1.2 is used wherever possible
- Client communication after login utilizes secure, limited use cookie hash communication
This list may not be exclusive of all security best efforts being used. We regularly audit our security measures and are constantly looking to improve them as needed.
Vendor Security we rely upon: