What steps have we taken to keep your data secure?
- All data in flight (being read or sent to our app) is encrypted with TLS (Transport Layer Security). Additionally, we test the security of our TLS settings against SSL Labs bi-weekly.
- All data at rest (not being used) in the database is encrypted.
- Follow 12 Factor Application principles so that we always configure settings via the environment and nothing sensitive is embedded in the app.
- Do not store any sensitive data that we don't need (for example we don't store payment info in our systems).
- We run on servers that are ISO 27001, ISO 27017, ISO 27108, HIPAA, and PCI-DSS compliant.
- Update the container environment's weekly to make sure we get all security patches.
- All containers are automatically scanned for known vulnerabilities from the CVE (Common Vulnerabilities and Exposures) database.
- Implement a fine-grained rights access model that only allows a user to see data from their integrations and not others.
- Add Two-Factor authentication.
- Add Sign up or Log in via Google authentication.
- Add an extra layer of in-column encryption to the database to prevent the reading of data.
- Add records to all rows in the database to keep track of whom last modified any given row.
Custom Security Measures
Sometime's security can be tricky, and we understand and acknowledge that many companies have a multi-step process to approve new platforms. If this sounds like you or the company you work for, feel free to contact us, and we'll help provide you with whatever information you need, or actions you need us to take that might include an audit or similar.
To contact us, you can either submit the form on our contact page or speak to a human immediately using our chat app button in the bottom right corner of this page.