Security

Security

The following is general information on some of our security practices. If you have any questions after reading this or any issues, please contact us.

Application Security

  • Our application (including all custom domains) is encrypted with TLS.
  • Outbound email is encrypted with TLS (when supported by the recipients server).
  • Logins have brute force protection.
  • Passwords are one way hashed.
  • Multiple levels of logic segregate user accounts and data.
  • We monitor all emails for malware, phishing and social engineering.
  • Custom data retention policies are available.
  • Credit card payments are processed via Stripe a level 1 certified PCI provider, with the credit card information never being sent to our servers.

Disaster Recovery

  • A warm standby environment is maintained in a separate physical location with a 30 minute delay from the production environment.
  • Data backups are performed through the day, encrypted and stored off site.

Physical Security

  • Our services are hosted on Amazon Web Services (AWS) within their secure data centers.
  • Our offices are secured with keycard access and monitored with CCTV cameras.

Policies and Procedures

  • Employees sign an agreement outlining their responsibility in protecting customer data.
  • Employees are educated and trained on security, social engineering and phishing attacks.