Data Security

The security of the private data we hold is one of our utmost priorities.

Third party providers

  • We are hosted on Heroku (Heroku’s general security documentation is here: https://devcenter.heroku.com/categories/security).
  • We use mLab and MongoDB Cloud to store our data (mLab’s security documentation is here: http://docs.mlab.com/security/).
  • All data is accessible worldwide. It is stored on AWS, hosted within an EEA member state.
  • We use Amazon AWS for assorted additional services: mainly DNS, processing (only in AWS’s London datacenter), and storage of static files.
  • Images are processed using ImgIX.

Payment information

  • We use third-party services for all of our payment processing. At no point do sensitive credit card or bank account details pass through our services.

Data at rest

  • All data is encrypted at rest, and the physical hard drives the data stores operate on are also encrypted.

Data in motion

  • All data from service to service and service to client is transferred via HTTPS (sha256RSA) or another secure method.

Other notes

  • We have a privacy program and privacy policy, which is displayed on every website we operate.
  • The policy has been reviewed by Counsel to comply with the laws of England & Wales.
  • We are EU-US Safe Harbor compliant.
  • We have a retention policy in place to handle the disposal of personal information.
  • We operate a risk assessment program internally.
  • We have an information security policy.
  • We are registered with the ICO.
  • We have acceptable use clauses in our Terms of Service.
  • We have no physical infrastructure. Our suppliers are assessed via their accreditation.
  • Regarding third party services we use, a full security audit, including vendors, is performed at least every 6 months.
  • Network traffic is stored to allow historical and incident research.
  • We have a social media policy.
  • We conduct regular penetration testing against our infrastructure.