Security

Technical Measures

Encryption in Transit All user data is transmitted via encrypted HTTPS connections, with modern versions of TLS.

Encryption at Rest Our backend and database servers are encrypted at rest in production (FIPS 140-2 Level 1).

Rate Limited Authentication Authentication endpoints of our servers are rate limited to protect against brute forcing.

Password Storage Passwords are hashed with modern algorithms before storage, using appropriate condiments.

Automated Backups Encrypted backups of our databases are automatically created at regular intervals and stored at distance from our servers. We perform regular rehearsals for backup restoral. Backups are automatically deleted after a limited retention period.

Event Logging Our backend servers forward a log of internal events to a centralised logging platform. Sensitive or personally identifiable information is removed or pseudonymised before transmission to the log storage. Logs are kept for a limited period only.

Managed Servers Our backend servers are operated by Nine, an ISO 27001 and ISO 9001 certified hosting provider. The servers are housed in physically protected data centers in Switzerland. They are frequently patched for improved security and stability. Additional servers are operated in other, equally access-protected data centers in Europe.

Organisational Measures

Staged Deployments Our application releases move gradually from development to production environments, increasing the chance that bugs can be caught before reaching customers. A small number of validation partners help us to test code under real world conditions before general deployment.

Password Advice Our applications provide interactive feedback on password quality instead of applying static rules, following current advise from NIST.

Peer Review and Version Control New code undergoes peer review before it is integrated into our applications. Both code and core infrastructure configuration are version controlled, so that builds and deployments are traceable and reproducible.

Continuous Integration Automatic builds and test suites run for code added to our version control system.

Staff Access All members of our development and operations team are equipped with hardware tokens for two-factor authentication and secret protection. Team members receive access levels that are appropriate for their responsibilities. Signing of a GDPR-informed confidentiality agreement is a prerequisite for access to production systems.

Incident Reports Any operational incident is followed by a written postmortem to analyse the events and determine a set of appropriate preventative measures. This happens irrespective of whether the incident causes a disruption to our users.