All Collections
Security, Privacy, and Terms Security Information Security Information
Jared avatar
Written by Jared
Updated over a week ago

Encryption and Resource Access

  • Single sign-on solution for Enterprise plans

  • End-to-end 256 bit HTTPS SSL encryption

  • All non-essential ports and external network interfaces blocked by default

  • No financial data or credit information is stored in any system

  • All account passwords are stored as one-way hashes

  • All client-side communication, sessions, and input are validated server-side

  • All media assets are securely accessed on Amazon S3 using signed URLs

  • All media assets are encrypted at rest on Amazon S3

  • All account data is encrypted and securely stored in the database 

  • In the event of server failure, all critical systems have redundant failovers to prevent service disruptions

Source Code

  • We perform static code analysis of all production code

  • We perform a third-party security assessment 

  • We have Integration and Unit tests for all critical systems

  • All sub-dependencies have been vetted for security and performance issues

  • All sub-dependencies are directly bundled into the application

  • We follow strict compliance with source code licensing and open-source licensing

Key Management maintains a strict policy for assigning and distributing keys that may access any production or development systems.

  • Master access keys are never distributed to any employees

  • Access keys are never stored in any version control system

  • Access keys are never stored anywhere as plaintext

  • Individual access keys are generated per employee with developer-only access

Secure Workstations

  • All company workstations and laptops use encryption for storing any potentially sensitive data

  • All company workstations and laptops use anti-malware and antivirus software

  • All client data is always anonymized for development purposes

Employee Awareness

  • All employees have been instructed on best practice security standards

  • employees are granted granular role access to resources

  • Any employee access to sensitive data is tracked and monitored

  • Developers only work with anonymized data

Did this answer your question?