Our infrastructure runs inside data centers designed and operated by Amazon Web Services (AWS). Our servers are based in US Regions by default.
Customers under the Entreprise Plan can request to have their data stored in a specific region (EU, APAC).
AWS provides ISO27001, SOC2 and PCI DSS compliant data-center infrastructure.
Our systems run the latest stable versions of Ubuntu and Golang.
We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog), and we run automated vulnerability scanners as part of our Continuous Integration process.
Our developers are trained and follow secure software development, including Open Web Application Security Project guidelines.
All communications are encrypted over SSL/TLS 1.2 and 1.3, which cannot be viewed by a third party and is the same level of encryption used by banks and other financial institutions.
Firewall & DDoS mitigation
We use Cloudflare Web Application Firewall.
We maintain firewalls on our edge servers and origin servers to protect against WAF bypass attacks.
All customer data is stored with at least dual redundancy, and we've designed our storage solution for 99.999999999% long-term durability.
All employees received tools and training for handling sensitive data (including credentials) and for avoiding social engineering and other non-technical attacks.
We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in secure storage. We implement measures to detect and prevent log tampering or interruptions.
We process payments with Stripe, which has been audited by a Payment Card Industry Standard-certified auditor, and is certified to PCI Service Provider Level 1.
Your payment information is transmitted directly to Stripe via HTTPS for secure storage and is never transmitted or stored on our servers.
Contact us for any more information.