The security of the private data we hold is one of our utmost priorities.
Third party providers
- We are hosted on Heroku (Heroku’s general security documentation is here: https://devcenter.heroku.com/categories/security).
- We use mLab to store our data (mLab’s security documentation is here: https://docs.mlab.com/security/), and MongoDB Cloud.
- All data is accessible worldwide, but is stored on AWS, hosted within an EEA member state.
- We use Amazon AWS for assorted additional services: mainly DNS, processing (only in AWS’s London datacenter), and storage of static files.
- Images are processed using ImgIX.
Payment information
- We use third-party services for all of our payment processing. At no point do sensitive credit card or bank account details pass through our services.
Data at rest
- All data is encrypted at rest, and the physical hard drives the data stores operate on are also encrypted.
Data in motion
- All data transferred service to service and service to client is sent via HTTPS (sha256RSA) or another secure method.
Other notes
- We have a privacy program and privacy policy, which is displayed on every website we operate.
- The policy has been reviewed by Counsel to comply with the laws of England & Wales.
- We are EU-US Safe Harbor compliant.
- We have a retention policy in place to handle the disposal of personal information.
- We operate a risk assessment program internally.
- We have an information security policy.
- We are registered with the ICO.
- We have acceptable use clauses in our Terms of Service.
- We have no physical infrastructure. Our suppliers are assessed via their accreditation.
- Regarding third party services we use, a full security audit, including vendors, is performed at least every 6 months.
- Network traffic is stored to allow historical and incident research.
- We have a social media policy.
- We conduct regular penetration testing against our infrastructure.