Infrastructure security
- We run on AWS EC2 instances and our servers are located in the US. U.S.-based Amazon Web Services (AWS) facilities include 24/7 on-site security and camera surveillance.
- AWS provides end-to-end security and privacy features.
Application security
- We undertake regular application security scans internally on a quarterly basis and externally annually by a third party.
- We perform annual third-party penetration testing to rigorously test our application's security posture.
Data security
- Data is encrypted in transit and at rest using AES-256 encryption, and we use the AWS Key Management System (KMS) to manage encryption keys for maximum security.
- Application data is secured in transit using TLS 1.2 and our application logically separates user data, with access to your data protected by strong authentication and authorization controls.
Availability
- We guarantee a 99.9% uptime per our service level agreement (SLA).
- We have 24/7 automated failure detection with our outage alert system to minimize the chance of downtime.
- View our System Status Page
Disaster recovery
- We can switch cloud host providers to ensure limited downtime in the event of a disaster.
- We take snapshots of our database daily and our backups are kept for 7 days.
Control over tracking data
- We provide customizable controls in your account to switch off any unwanted tracking data collection.
- On request we can disable a tracking data type entirely from your account.
Our security partner Vanta monitors our security posture and compliance 24/7
Monitoring for 67 controls across:
Product security
Infrastructure Security
Organizational security
Data and privacy
- Data retention procedures established
- Privacy compliant procedures established
- Privacy policy available
- Privacy policy maintained
- Data classification policy established
Internal Security procedures
- Production deployment access restricted
- Incident response policies established
- Security policies established and reviewed
- Incident management procedures followed
- Development lifecycle established
Organizational security
- MDM system utilized
- Password policy enforced
- Security awareness training implemented
- Production inventory maintained
- Asset disposal procedures utilized
Product Security
- Penetration testing performed
- Data encryption utilized
- Data transmission encrypted
- System activity logged
- Vulnerability and system monitoring procedures established
Infrastructure Security
- Intrusion detection system utilized
- Production database access restricted
- Production network access restricted
- Infrastructure performance monitored
- Access control procedures established