Security FAQs
- All user data is encrypted at rest.
- All user data is encrypted in transit.
- Our service is hosted on AWS. To learn more about their security practices, visit: https://aws.amazon.com/security/
- Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions
- Firewall and VPN services to help block unauthorized system access
- User data is stored and encrypted on a network not connected to the internet.
- Systems access is logged and tracked for auditing purposes
- All changes to user accounts are logged for auditing
- Regular, off-premises, multi-region backups.
- User data is soft-deleted to protect from user mistakes. Data is permanently deleted when the account is scheduled for deletion.
- All software dependencies are kept up to date and are patched on a regular basis.
- Stable system updates and security patches are applied at the hardware level when they are released.
- All user data is served over HTTPS with TLS 1.2 and TLS 1.3.
- Two-factor authentication is available for extra security.
- All passwords are salted and encrypted.
- Requests to authorize users in our system are rate limited to protect from malicious traffic.
- Tester identifying data is stored separately from their responses to preserve their anonymity.
- We do not store credit card data. All of our payments are processed by Stripe, a company dedicated to PCI compliance: https://stripe.com/docs/security/stripe
Need to report a security vulnerability?
Email us at [email protected]