Security overview.

 

We protect your data.

All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

 

Your data are sent using HTTPS.

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.

 

Any files which you upload to us are stored and are encrypted at rest. Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted.

 

Full redundancy for all major systems.

Our servers — from power supplies to the internet connection to the air purifying systems — operate at full redundancy. Our systems are engineered to stay up even if multiple servers fail.

 

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.

 

We protect your billing information.

All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network. We rely on Stripe for this.

 

Constant monitoring

We maintain your account’s security on our systems and monitoring tools we’ve set up to alert us to any nefarious activity against our domains. To date, we’ve never had a data breach.

 

We also audit internal data access. If an employee wrongly accesses customer data, they will face penalties ranging from termination to prosecution. Again, to our knowledge, this hasn’t happened.

 

We have processes and defenses in place to keep our streak of 0 data breaches going. But in the unfortunate circumstances someone malicious does successfully mount an attack, we will immediately notify all affected customers.

 

Personnel

All our employees and contractors (workers) sign confidentiality agreements before gaining access to our code and data. Background checks aren’t performed on our workers. Everybody is trained and made aware of security concerns and best practices for their systems. Remote access to servers is via our VPN using two factor authentication, and limited to workers who need access for their day to day work. We log all access to all accounts by IP address.

 

Encryption in-transit, at-rest and at-work

We offer encryption in-transit and at-rest for all our apps. Over public networks we send data using strong encryption. We use SSL certificates.

 

Any files which you upload to us are stored and encrypted at rest. Our storage system uses strong encryption. Files are encrypted, replicated, and geographically dispersed to separate data centers on private, end-to-end encrypted network connections. Our application databases are encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems. All passwords are hashed and salted. Our backups of your data are also encrypted.

 

Physical Security

We rely on AWS for the physical security of our servers in addition to the anonymity of virtualized environments.

 

Data deletion

For all our apps all your content will be inaccessible immediately upon request for cancellation. Within 60 days of cancellation, all your content in any of our apps will be permanently deleted from all servers and logs. This information can not be recovered once it has been permanently deleted. We also keep backups stored off-site for a maximum of 60 additional days. Therefore, after cancellation, all data will be permanently deleted from backups within 120 days.

 

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please contact us immediately using our chat widget.