Security
Fundly takes your data security and privacy seriously and meets the following standards regarding the collection, use, and retention of personal information.
We partner with Microsoft Azure, the industry leader in managed hosting, to manage our server environment. For more information on Microsoft Azure's infrastructure-level security, click here.
Database level security
- IP-based security: only a few allowed IP addresses can access the databases.
  - Currently, the allowed IP addresses are:
    - IP address of the web application and background jobs
    - IP address of the technical team. Credentials are held only by the team members who need to troubleshoot.
- Encrypted communication channel
  - The communication channel between the database and the background jobs or web application is secured to avoid spoofing.
Application level security
- HTTPS/SSL communication between the browser and the web server.
- Protections in place against common security threats such as:
  - SQL injections
  - Cross-site scripting
Frequently Asked Security Questions:
What is your business continuity plan?
We are on Microsoft’s Azure Cloud with automatic failover redundancy in 2 different time zones. In case of a disaster, there will be automatic switching to allow for almost zero downtime.
Explain your backup process, including location, frequency and retention periods.
Real-time backup and redundancy. Backups can be retrieved for 30 days.
In the event of an emergency, how quickly can a back-up be recovered?
See above.
What security provisions are in place to keep our data secure and confidential?
Security is an essential part of our product. We considered most of the common vulnerability threats when implementing security:
Application Level Security
- The product is accessible only over HTTPS. The SSL certificate is issued by Trustwave Holdings and the encryption key is a 256-bit key.
- User identity is stored in an encrypted cookie.
- Our code architecture takes the following vulnerabilities into consideration:
  - SQL injections
  - Format string vulnerabilities
  - Cross-site scripting
Infrastructure Level Security
- The application is hosted on Microsoft Azure infrastructure.
- The database servers have an IP-based firewall. Production servers can be accessed only from a whitelisted IP range.
- Passwords are stored using a salted encryption algorithm.
In the event of a data leak, what is your process for communicating and recovering from the incident?
Our internal protocols require us to identify the source of the leak, the areas of the data tables that were exposed because of the leak, the actual data that was potentially lifted, and the accounts impacted. Once that investigation is complete and the leak source is plugged, we would start customer notification.
What and when was your last data leak? What happened? What did you learn from it?
We have never had one.
For more detailed information, please review our privacy policy.