Security is front and center in what we do. Our engineering team has experience working in both hyper-growth security-centric start-ups and publicly listed companies. We conform to best-in-class security practices and make them a central part of our internal engineering processes. In many cases, we deploy new code to our servers several times each day.

We have baked strict account identifier checks into our software at all access points. Concretely, this means that you can never access data belonging to another account, and vice versa.

We conduct multi-person code reviews for each new deployment to our server infrastructure. In addition, we host weekly security reviews at an organisational level. Prior to deployment, every software commit must pass unit and integration tests designed to catch potential errors or vulnerabilities before they reach our production systems.
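One way to implement the account identifier check described above, as an added illustration rather than the company's own code: every read, write and listing goes through a single scoping function that compares the record's owning account with the caller's account, and a record from another account is reported exactly like a missing one so that existence is not leaked. The in-memory DOCUMENTS store, Principal and NotFound are assumptions standing in for a real database and session.

```python
from dataclasses import dataclass

# Constructed sample data (assumption): each record carries the id of the
# account that owns it, and that id is the only thing the check trusts.
DOCUMENTS = {
    "doc-1": {"account_id": "acct-A", "title": "Q3 roadmap"},
    "doc-2": {"account_id": "acct-B", "title": "Payroll export"},
}


class NotFound(Exception):
    """Raised for missing AND foreign records so a caller cannot tell them apart."""


@dataclass(frozen=True)
class Principal:
    """The authenticated caller; account_id comes from the session, never from the request."""
    account_id: str
    user_id: str


def _owned(principal: Principal, doc_id: str) -> dict:
    """Single choke point for per-record access: look the record up, then enforce
    the account boundary. Every access path below must go through here."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["account_id"] != principal.account_id:
        raise NotFound(doc_id)
    return doc


def get_document(principal: Principal, doc_id: str) -> dict:
    return dict(_owned(principal, doc_id))          # copy: callers cannot mutate the store


def rename_document(principal: Principal, doc_id: str, title: str) -> dict:
    doc = _owned(principal, doc_id)                  # same check before any write
    doc["title"] = title
    return dict(doc)


def list_documents(principal: Principal) -> list:
    """Listings are filtered by account as well; there is no unscoped query path."""
    return sorted(i for i, d in DOCUMENTS.items() if d["account_id"] == principal.account_id)


def access_blocked(principal: Principal, doc_id: str) -> bool:
    """True when the record is unreachable for this principal (missing or foreign)."""
    try:
        _owned(principal, doc_id)
        return False
    except NotFound:
        return True
```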
Our engineering and data science teams are required to deeply understand the OWASP vulnerability classes and to stay up to date with the latest vulnerability disclosures and paradigm shifts in the security space. We only use third-party frameworks, libraries and mitigations that have been vetted and approved by the security community, e.g., Strict CSP.
We use leading tools to monitor incoming and outgoing network traffic across our infrastructure. Any suspicious activity detected on our network is reviewed immediately and action is taken to determine the source and mitigate any risks arising from it.

We regularly update our tools and libraries, both to improve the quality of our product and to patch vulnerabilities as they are discovered. Out-of-date third-party libraries, frameworks and services are scanned for, detected and flagged automatically.
We enable team administrators to manage team-wide settings, including single sign-on and two-factor authentication (2FA). Team administrators can also manage integrations, deactivate users, and update users' account details.
Our infrastructure runs exclusively on Amazon Web Services (AWS). In addition, we conform to the highest industry standards, requiring the latest best-in-class encryption protocols to encrypt all data in transit and at rest.

Our entire application runs over TLS (SSL) with certificates provided by AWS; our certificates use SHA-256 with RSA. All passwords in our production database are hashed using bcrypt.
We use AWS Aurora as our relational database. AWS Aurora is optimized for performance and availability. Data backups covering up to 30 days are available, which means that for disaster recovery we can restore data from any of up to four restore points per day within the past 30 days. Our Amazon Aurora instances run in a Virtual Private Cloud on the AWS network.
Management of Secrets
Secrets are stored securely and never in the source code. This means that secrets and keys never pass through version control tools or other third parties. Access to our infrastructure and related services requires SSH and, wherever possible, two-factor authentication.
Monitoring and Logging
Our infrastructure runs on fault-tolerant systems and data backups are made four times a day. We use third-party providers, e.g., Pingdom and Sentry, for 24/7 monitoring and alerting on any downtime.