Security Policy

Keeping our customers' data protected at all times is our highest priority. This document provides a high-level overview of the security practices put in place to achieve that objective. Have questions or feedback? Feel free to reach out to us at [email protected]

Dedicated Security Training

All technical members of our team are trained in security best practices and methodologies. Our entire tech team is dedicated to constantly improving the security of our platform. Our team is trained in security incident response, and a member of the team is in charge of security responses 24/7.

Cloud Infrastructure

All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Our service is built on Google Cloud Platform (especially Firebase). They provide strong security measures to protect our infrastructure and are compliant with most certifications. You can read more about their practices here: Google Cloud Platform

Data Center Security

Our data center, provided by Google (see above), is located in the United States. It is a Tier IV and ISO 27001 compliant facility. The data center facilities are protected 24/7 with different security measures (guards, CCTV, electronic access control, etc.). Monitoring and alerting are in place for security breaches, power, HVAC, and temperature.

Data encryption

Encryption in transit: All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS). You can see our SSL Labs report here.

Data retention and removal

Every user can request the removal of all personal data by contacting support. Read more about our privacy settings in our privacy policy.

Business continuity and disaster recovery

We back up all our critical assets and regularly attempt to restore the backup to ensure a fast recovery in case of disaster.

Application security monitoring

We use technologies to monitor exceptions and logs and to detect anomalies in our applications. We collect and store logs to provide an internal audit trail of our applications' activity.

Secure development

We develop following security best practices and frameworks (OWASP Top 10, SANS Top 25). We use the following best practices to ensure the highest level of security in our software:

Payment information

All payment instrument processing is safely outsourced to Stripe, which is certified as a PCI Level 1 Service Provider. We don’t collect any payment information and are therefore not subject to PCI obligations.

Contact Us

If you have any questions about this Security Policy, please contact us at [email protected] or by mail:

Scribe
Level 2, 11 York Street
Sydney, Australia