Audits & Certifications
Our datacenters maintain ISO27001, SOC 1 Type II, and PCI compliance among other industry-standard certifications.
You can request our full security kit toward the bottom of this page.
US/EU Datacenters
Your data is isolated in either our European (Amsterdam) or United States (Virginia) datacenter, based on where you sign up. We never transmit or store data outside of the European Union or United States, respectively.
Dedicated Servers
We lease our own dedicated (iron) servers. We don't use any cloud or shared hosting across our platform.
Data Security
We send data over HTTPS (an encrypted channel) to our platform and allow you to disable tracking of keystrokes in all form fields, disable keystrokes in specific form fields, and exclude/replace content shown in your HTML.
We also salt and hash passwords (using pbkdf2) and offer two-factor authentication.
Physical Security
We take extreme precautions to safeguard our platform. This includes the following measures:
- CCTV cameras inside and out
- Zoned-access control key card system with secure turnstiles
- Access list
- Visitors escorted at all times within the building
- Intrusion detection systems
- Security guards on-site 24/7
- Security patrol of complete business site
- Perimeter electric fencing
- Secured loading dock
- Complete location above sea level
- VESDA fire detection
- Gas based fire suppression
- Outside of flight paths
- Constant monitoring of security systems and alarms 24/7/365
Monitoring & Testing
We use internal and third-party systems to monitor the confidentiality, integrity, and availability of our platform. If an incident occurs, a team of engineers is alerted immediately. And, if needed, we'll alert you (the client) without delay.
We conduct routine vulnerability scans, penetration tests, and ensure our development efforts follow industry-standard guidelines/best practices.
Policies & Procedures
We follow formal documents to ensure consistency and reliability in our security. This includes requiring all employees to abide by our information security policy, insisting on SLAs (where possible), and maintaining a formal business continuity/disaster recovery plan.