We aim to keep our service safe for everyone, and data security is of utmost priority. If you discover a security issue with our service, please disclose it to us. We will work with you to understand the issue and fix it accordingly. We would appreciate the industry best practice of Responsible disclosure is followed. We take the security of our systems seriously, and we value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users. If you believe you have found a security vulnerability in one of our products or platforms please send it to us by emailing [email protected].
Our systems are kept up-to-date with security patches and consistent using configuration management software. We use multiple firewalls and VPN services to help block unauthorized system access. We use username and key authentication, keeping password authentication disabled.
We consistently replicate your data to fault-tolerant clusters of database servers. We perform full backups nightly and incremental backups every hour. Our backup strategy allows us to recover in the unlikely event of a major data incident.
We host our infrastructure with Liquid Web, with data centers secured with biometrics, 24-hour surveillance and 24×7 onsite staff providing additional protection against unauthorized entry. Data center access is restricted to data center technicians only.
When you sign up with us, we do not store any of your card information on our servers. It is directly handed off to our bank, who is dedicated to storing your sensitive data.
We maintain relationships with reputable independent security firms to regularly perform penetration tests, source code assessments and security reviews.