Security Policy Statement
We understand that the integrity and operational stability of our services is important to our users and partners. Our goal is to ensure that our systems are protected from unauthorized use and remain accessible 99.9% of the time.
Reporting A Security Issue
Please contact us at firstname.lastname@example.org if you believe you have identified a security problem or concern.
Our data center providers employ a variety of physical and system security practices. Please see their policy statements for details:
- Linode: https://www.linode.com/security
- AWS: https://aws.amazon.com/security
- Heroku: https://www.heroku.com/policy/security
- Our server software is updated regularly to minimize exposure to security problems.
- We monitor various security announcement lists in order to respond quickly to any vulnerabilities.
- Systems are accessible to engineers only on an as needed basis.
- Our software is revision controlled and can be used to recreate our systems as needed for scaling, repairs, or disaster recovery.
- Our systems have restricted visibility to the Internet via firewall mechanisms.
- We support SSL encryption on all our services including integrations with remote systems.
Redundancy and Backups
- We have redundant systems online or readily available for all our core services.
- Our database is replicated in real time providing a warm-backup system in the event the primary database fails.
- Additional database backups are made every four hours and stored in a geographically separate data center.
Internal access to systems and services is limited to those employees who need access to complete their job and utilize individual accounts, secure logins, and in some cases, 2-factor authentication.