We know you've entrusted us with valuable data, and we take its security very seriously. Below, we've provided a deep dive into our security practices, protocols and tooling. But we're always available to answer questions on this topic. Just send us a note at [email protected] 🔐

Security practices

The following list was last updated May 28, 2021

• Vulnerability Scan on every release using Snyk
• Helmet npm module for standard protection
• DDoS protection using AWS Shield
• Regular & automated database backups
• Encrypted passwords - this is pretty standard, but there are websites out therewhich don't do that.
• Audit Trail of Changes
• Monitoring & Reporting on infrastructure for anomalies and suspicious activities
• Media & files protection using CORS and Secure time-expired tokens
• Proper DevSecOps strategy with highly restricted access to production environments.
• Best in class cloud services, including managed services of leading cloud providers which comes with strong security
• SSL only environments, which means you are data transmission is always over secure tunnel & encrypted
• Secure processing of payments - we don't store or touch any card information and all payment information is handled by Stripe which complies with highest standards of PCI

Sub-processors

We work with the following companies and tool systems to store, analyse, and transmit data for our users. They've been carefully vetted for best-in-class security practices.

• Amazon Web Services
• Mixpanel
• Segment