Keeping our customers' data protected at all times is our highest priority. This security overview provides a high-level overview of the security practices put in place to achieve that objective. Have questions or feedback? Feel free to reach out to us at [email protected]
Dedicated Security Training
All technical members of our team are trained in security best practices and methodologies. Our entire tech team is dedicated to constantly improving the security of our platform. Our team are trained on security incident response and a member of the team is in-charge of security responses 24/7.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Our service is built on Google Cloud Platform (especially Firebase). They provide strong security measures to protect our infrastructure and are compliant with most certifications. You can read more about their practices here: Google Cloud Platform
Data Center Security
Our data center provided by Google (see above) is located in the United States. It is a Tier IV and ISO 27001 compliant facility. The data center facilities are protected 24/7 with different security measures (guards, CCTV, electronic access control, etc.). Monitoring and alerting is in place for security breaches, power, HVAC, and temperature.
Encryption in transit: All data sent to or from our infrastructure is encrypted in transit via industry best-practices using Transport Layer Security (TLS). You can see our SSLLabs report here.
Data retention and removal
Business continuity and disaster recovery
We back up all our critical assets and regularly attempt to restore the backup to ensure a fast recovery in case of disaster.
Application security monitoring
We use technologies to monitor exceptions, logs and detect anomalies in our applications. We collect and store logs to provide an internal audit trail of our applications activity.
We develop following security best practices and frameworks (OWASP Top 10, SANS Top 25). We use the following best practices to ensure the highest level of security in our software:
- Developers participate in regular security training to learn about common vulnerabilities and threats
- We review our code for security vulnerabilities
- We regularly update our dependencies to address any known vulnerabilities
All payment instrument processing is safely outsourced to Stripe which is certified as a PCI Level 1 Service Provider. We don’t collect any payment information and are therefore not subject to PCI obligations.
If you have any questions about this Security Policy, please contact [email protected] or by mail:
Level 2, 11 York Street