As we are are security company, we really care about your and our own data. We also like to be transparent about our policies and security practices. That being said, this is our model.
Your password is stored encrypted in our system using the powerful bcrypt hashing function. That means that any leak of our user data will remain highly encrypted, and your password will never be put to risk.
Your user data is also not stored on any of our web servers, instead we store all sensitive data on dedicated database servers, out of reach for any attacker.
All of our endpoints are encrypted using the SSL/TLS protocols. Even internal communication between subsystems empowers SSL and TLS - we do so just to really tighten up the data integrity.
We use DigiCert as our certificate authority.
As we perform automated security tests, we also practice what we preach. We do our very best in order to keep our platform up to data from the latest security threats. We’re a small team, and we’re not more than human. Therefore we encourage you to report any vulnerabilities, flaws and bugs you come across by participating in our responsible disclosure program.