We welcome security disclosures on our product and services. To responsibly report please email firstname.lastname@example.org.
We are 100% committed to NOT selling or providing any information about our customers and will use the data solely for improving the efficacy of our service.
We follow modern security practices and policies for code review, build time security, runtime security, and incident response. All builds are scanned for vulnerabilities throughout the process, all code is scanned for miss-configurations, code is backed up, and privileged access is limited (see below).
Although we have an office in Vancouver we adhere to a BeyondCorp model where we assume all our employees have the same security posture irrespective of location.
We eat our own steak, not dog-food. We are our own biggest critic when it comes to secure distributed access to our resources. The Border0 product is used for all employee access to all resources for administration and troubleshooting and critical access is limited to a small group of top-level administrators.
All of the infrastructure we operate is in AWS data-centers and complies with several standards when it comes to physical access. We don’t even have access to our own infrastructure :).
All employees are required and we enforce Multi-factor authentication for ALL services.