Data Security

The security of the private data we hold is one of our utmost priorities.

Third party providers

• We are hosted on Heroku (Heroku’s general security documentation is here: https://devcenter.heroku.com/categories/security).
• We use Mlab to store our data (mLab’s security documentation is here: https://docs.mlab.com/security/), and MongoDB Cloud.
• All data is accessible worldwide. Stored on AWS – Hosted within an EEA member state.
• We use Amazon AWS for assorted additional service: Mainly DNS, processing (only in AWS’s London datacenter), and storage of static files.
• Images are processed using ImgIX.

Payment information

• We use third-party services for all of our payment processing. At no point does sensitive credit card or bank account details pass through our services.

Data at rest

• All data is encrypted at rest, and the physical hard drives the data stores operate on are also encrypted.

Data in motion

• All data from service to service and service to client transferred via https (sha256RSA), or other secure method.

Other notes

• We have a privacy program and privacy policy, which is displayed on every website we operate.
• The policy has been reviewed by Counsel to comply with the laws of England & Wales
• We are EU-US Safe Harbor compliant.
• We have a retention policy in place to handle the disposal of personal information.
• We operate a risk assessment program internally.
• We have an information security policy
• We are registered with the ICO.
• We have acceptable use clauses in our Terms of Service.
• We have no physical infrastructure. Our supplies are assessed via their accreditation.
• Regarding third party services we use, a full security audit, including vendors, is performed at least every 6 months.
• Network traffic is stored to allow historical and incident research.
• We have a social media policy.
• We conduct regular penetration testing against our infrastructure.