Security Manifesto

We take security seriously here at And for good reason: every person and team using our service expects their data to be secure and confidential. We understand how important the responsibility of safeguarding this data is to our users and customers and work to maintain that trust. If you believe you have found security vulnerability in, please get in touch with our team at


We place strict controls over our employees' access to the data you and your users make available via the services ("Personal Data"), and are committed to ensuring that Personal Data is not seen by anyone who should not have access to it. The operation of the services requires that some employees have access to the systems that store and process Personal Data. For example, in order to diagnose a problem you are having with the services, we may need to access your Personal Data. These employees are prohibited from using these permissions to view Personal Data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that any access to Personal Data is logged.

All of our employees and contract personnel are bound to our policies regarding Personal Data and we treat these issues as matters of the highest importance within our company.

Personnel Practices

All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the services.


The environment that hosts services maintains multiple certifications for its data centers.

Data Encryption In Transit

The services support the latest recommended secure cipher suites and protocols (SSL) to encrypt all traffic in transit.


We understand that you rely on the services to work. We're committed to making a highly available service that you can count on. Our infrastructure runs on systems that are fault tolerant, for failures of individual servers or even entire data centers. Our operation team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.

Disaster Recovery

We have tested backup and restoration procedures, which allow recovery from a major disaster. Personal Data and our source code are automatically backed up on a regular basis. The Operations team is alerted in case of a failure with this system.

Network Protection

Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration.

Host Management

We perform automated vulnerability scans on our production hosts and remediate any findings that present a risk to our environment.

Logging maintains an extensive, centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about the services. These logs are analyzed for security events via automated monitoring software, overseen by the security team.

Incident Management & Response

In the event of a security breach, will promptly notify you of any unauthorized access to your Personal Data. has incident management policies and procedures in place to handle such an event.

External Security Audits

We contract with respected external security firms who perform regular audits of the services to verify that our security practices are sound and to monitor the services for new vulnerabilities discovered by the security research community.

Product Security Practices

New features, functionality, and design changes go through a security review process facilitated by the security team. In addition, our code is audited with automated static analysis software, tested, and manually peer-reviewed prior to being deployed to production. The development teamwork to resolve any additional security concerns that may arise during development.