Security is at the core of every transaction.

Data on a Touch Pad

Philosophy

We practice a security-first approach to protecting you and your data. That means that we prioritize the security of our customers and their data above everything else. We’ve followed this mindset along every step of the way in our journey, from architecture to implementation to operations. Your data and privacy are protected with proven best-in-class security mechanisms so that you can rest easy.

Data

  • Our database is encrypted using AES-256-GCM symmetric encryption. That means that your data is secure while it’s being stored in our database.

  • Passwords are never stored in plain text and are instead hashed with bcrypt. This one-way hashing mechanism ensures that no one can ever get access to your password, not even us.

  • Files you upload are stored securely in our cloud storage vault and are also encrypted at rest using AES-256.

  • Your data is backed up constantly to ensure that it is never lost in the event of a disaster.

  • We integrate with Stripe, a best-in-class secure payment processing platform to protect your credit card information. Your credit card data is tokenized in your browser and is sent directly to Stripe so that it never actually touches our servers. To minimize risk on our end and to increase the security of your data, we will never be able to see or have access to your credit card information.

Cloud Infrastructure

  • We leverage Amazon's AWS cloud infrastructure to provide the most secure and scalable environment for our platform. AWS follows SOC compliance standards.

  • Our production environment is deployed inside a virtual private cloud (VPC) which in essence creates a barrier between our infrastructure and the outside world. We leverage private subnets to ensure that all customer data is stored at least one “hop” away from the public internet.

  • We leverage strict network security to only allow access on required ports. Access on all other ports is disabled.

  • We ensure that all of our servers are patched regularly to ensure that they cannot be compromised by known vulnerabilities.

Analyzing Data

Access

  • All access to data in transit is encrypted using industry-accepted mechanisms. In particular, we encrypt all web and API traffic using HTTPS and TLS 1.2. We specifically prevent access using prior versions of TLS and SSL, all of which have known vulnerabilities.

  • We use signed URLs to allow you to view the files you’ve uploaded. This ensures that only authorized users are allowed to see your files, and these links are time-controlled to expire shortly after they’re generated.

  • Your data never leaves our production environment. We implement strict controls to ensure that no data is ever copied or moved outside of our secure production environment.