We treat customer data with respect and keep them safe.

Standards

We use infrastructure and services that are either ISO-27001 certified or SOC-2 certified for working with customer data.

Data Segregation

Data from customers are segregated into separate workspaces. Each workspace is backed by a separate database. Customer data are not merged together on a storage level. Data may be processed on a shared hardware.

Data Sovereignty

We offer storing data in these geographical locations:

  • United States
  • United Kingdom – EU

We use the data center in the United States by default. Customers can ask for using a data center of their choice. Encrypted data in transit may leave a geographical location depending on routing on the Internet.

Data Retention

We keep customer data as long as the customers uses our product. We will delete the data within 30 days after the customer stops using our products.

Infrastructure

We run on Amazon AWS and Rackspace infrastructure. Amazon and Rackspace provide high level of physical security and compliance with the current security standards.

Individual components run in isolated private networks or virtual private clouds with firewalls restricted only to expected IP addresses and ports.

Encryption

All data at rest and in transit are encrypted using industry standard algorithms. Encryption and decryption keys are stored on a different machine than the encrypted data.

Passwords

Passwords are dynamically salted hashed with many iterations of a very slow hashing function before they are stored. It is not possible to recover original passwords even with knowledge of the source code and all secret information.

Audit Trail

We log important activity on multiple levels and keep it in read-only audit trail.

Did this answer your question?