How we develop secure software
- We use code reviews to detect vulnerabilities before merging and delivering to customers,
- We ensure that we check for permissions for any resources we have, and we regularly review those permissions,
- We use Git to manage changes, so that any code that goes to production is easily auditable.
How we keep our communications secure
- We use SSH keys to access our servers,
- We use HTTPS and SSL certificates to communicate between us and with you.
- We don't transfer data in clear-text over the network, except in situations where we display a warning such as support requests through emails.
How we keep the data secure
How we ensure continued security
Whenever we are aware of a leak affecting the software we use (for example Heartbleed or Shellshock), we halt the service in emergency and upgrade our systems.