Our application is hosted on northamerica-northeast1, a secure Google Cloud data centre located in Montreal, Canada. We can also deploy your data to regions in the US and Europe.
Google Cloud has put in place a host of security measures to keep its data centres safe, including:
To reduce security risks and increase our application's performance, we use tools from providers with sound sustainability practices. Google Cloud’s hyper-efficient data centres use half as much energy as other infrastructure and boast:
All communications between your web browser and our software, and between our application’s front end, back end and database, are encrypted using the Transport Layer Security (TLS) protocol. By default, Google Cloud encrypts all data at rest.
Our application doesn’t transmit, process or store any personally identifiable information (PII) other than users’ work email addresses. We use email addresses only to grant application access to authorized employees and delete them when the account is closed.
Our employees can access your data only on a need-to-know basis, after signing a non-disclosure agreement. They systematically lose access to it if they leave the company.
To provide our software as a service, we don’t need to physically access any secure IT facilities or environments or access your networks, systems or applications remotely.
Users you’ve approved can access our cloud-based application through a web browser.
While you’re subscribed to our services, you can export all of your data at any time, free of charge, directly from our application. If you don’t renew your subscription:
To keep up with new security best practices, our dedicated IT security team completes regular training to earn mandatory continuing professional education (CPE) credits and renew their certifications. Their credentials include:
We’re certified STAR Level 1 through the Cloud Security Alliance, which means that we follow security best practices and submit security and privacy self-assessments.
We’ve put in place a thorough implementation strategy to comply with SOC 2 Type 2 requirements by the end of 2022.
Our staff completes mandatory security training every three months and receives ongoing phishing simulations. New hires also receive security training during their first week.
We use Dependabot and Snyk as software composition analysis (SCA) tools to monitor updates and security patches for the third-party libraries used by our software. We update the libraries whenever they detect a vulnerability.
We also use Snyk as our static application security testing (SAST) tool. Snyk is integrated with our continuous integration and deployment (CI/CD) pipelines. It scans every pull request (PR) and fails the build if it identifies a vulnerability.
We use both tools to analyze changes to the code.
We’ve put in place a strict vulnerability testing process, which involves:
Think you’ve found a vulnerability? Write to us.
We’d be happy to show you how our platform works.