Security Policy

Data encryption

All communication between you and our servers are encrypted using HTTPS. We use HSTS to allow your browser to know in advance that it should only communicate with us using HTTPS. Our backups of your data are always encrypted. To improve their durability they’re stored in a separate geographical zone.

Physical security

We carefully chose our hosting providers. We make sure our infrastructure has full redundancy for every major system, including the power supply and internet connection. The data centers we use have surveillance teams on site 24/7, barbed-wire fencing and strict security procedures.

Infrastructure

We’re continuously updating our infrastructure to stay on top of new vulnerability. All of our servers are monitored closely and logs are stored indefinitely.

Billing information

We never store your billing information on our servers. They are handled by our partner: Stripe. They are a PCI Service Provider Level 1, the most stringent level of certification available in the payments industry.

Security Bug Bounty Program

We work with security researchers to keep up with the state-of-the-art in web security. If you have discovered a web security flaw that impacts our products, we have a Security Bug Bounty Program in place.