We treat customer data with respect and keep them safe.
Data from customers are segregated into separate workspaces. Each workspace is backed by a separate database. Customer data are not merged together on a storage level. Data may be processed on a shared hardware.
We offer storing data in these geographical locations:
- United States
- United Kingdom – EU
We use the data center in the United States by default. Customers can ask for using a data center of their choice. Encrypted data in transit may leave a geographical location depending on routing on the Internet.
We keep customer data as long as the customers uses our product. We will delete the data within 30 days after the customer stops using our products.
Individual components run in isolated private networks or virtual private clouds with firewalls restricted only to expected IP addresses and ports.
All data at rest and in transit are encrypted using industry standard algorithms. Encryption and decryption keys are stored on a different machine than the encrypted data.
Passwords are dynamically salted hashed with many iterations of a very slow hashing function before they are stored. It is not possible to recover original passwords even with knowledge of the source code and all secret information.
We log important activity on multiple levels and keep it in read-only audit trail.