Security
Our company is SOC 2 Type 2 certified, which means an independent auditor evaluated our products, infrastructure and policies, and certified that we meet or exceed user data security requirements.
We work day-in-day-out to make sure this data can never be accessed by anyone without adequate permissions.
Cloud infrastructure
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Our service is built on Amazon Web Services. They provide strong security measures to protect our infrastructure and are compliant with most certifications.
Data center security
Our data center is located in the United States. It is a Tier IV, SOC 2, and ISO 27001 compliant facility. The data center facilities are protected 24/7 with different security measures (guards, CCTV, electronic access control, etc.) Monitoring and alerting is in place for security breaches, power, HVAC, and temperature.
Data encryption
Encryption in transit: All data sent to or from our infrastructure is encrypted in transit via industry best-practices using Transport Layer Security (TLS) version 1.2.
Encryption at rest: All our user data is encrypted at rest in our database using the industry-standard AES-256 algorithm. All passwords are hashed with bcrypt. We use AWS KMS for secure encryption key management.