Skip to content

Security practices at RecurPost

Overview

At RecurPost, protecting our user’s data is our highest priority.

Our security practices are explained in this article. However, if you still have any questions please do not hesitate to contact us.

Infrastructure Security

RecurPost services are built on primary Amazon web services. We use Microsoft Azure cloud in part for data redundancy.

Both of the Infrastructure vendors are highly reputable and conform to almost every popular security protocol out there. You can read more about AWS security here: https://aws.amazon.com/security/. You can read more about AWS compliance here: https://aws.amazon.com/compliance/programs/. You can read more about Azure security here: https://docs.microsoft.com/en-us/azure/security/fundamentals/overview

Network Level Access and Security

Our infrastructure is secured with multi-level security. It might help to mention that we were audited by a third-party security firm hired by Facebook to make sure that the Facebook user data that we collect is actually stored in compliance with their guidelines. They reviewed our security and found it to be adequate.

  • Our databases are only accessible to the servers that need those. We do not have public access to our databases.
  • We use IP address filtering to further control who has access to our infrastructure
  • All of our internal users with access to our AWS accounts must have a 2FA setup. This is enforced automatically using a policy coded into our account and hence cannot be overridden.

Data Level Security

Data Location Your data is stored in the US location, US East to be more specific.

Encryption in transit Data in transit is secured using the standard protocol. No part of our site can be accessed without SSL/TLS protection.

Encryption at rest All of our user data at rest is encrypted with industry standards.

Service Level Agreement

While we do not offer any guarantees on our uptime, we try to maintain 100% uptime for RecurPost.

Backup and Recovery

We perform daily backups on our database and these backups are stored with the same encryption at rest protocols.

Access to Code

All RecurPost applications are built by our in-house developer

Development Best Practices

We constantly upgrade our operating systems and code to the latest stable versions.

We regularly update our dependencies and make sure none of them has known vulnerabilities.

Application Security Monitoring

We employ security monitoring systems offered by AWS to track and thwart any security attacks on our system.

We have both manual and automated system to log and monitor exceptions, errors, and bugs in our system.

We store logs to be able to provide a trail of activity in RecurPost.

Product Security

We have multiple levels of checks in our system to provide security.

Access Control

Every user who can impersonate another user (for troubleshooting and customer support) is provided access control on an as-needed basis.

We store passwords after hashing them using salt.

Internal Users

All of our new hires require access to the platform or user data, beyond what is offered by a simple user account, are trained on the security aspects of our system. We can control who has access to the system and even revoking that access is possible within our system.

Development & Production

Development & Production

We have a multi-stage pipeline to make sure that the code that makes it to the production system has been tested at least thrice. Access to our development and production environments requires a 2FA. Accessing the servers using a terminal requires an SSH key as well as IP level access.

Mandatory 2FA

We enable mandatory 2FA for all employees on all strategic services where it is supported. Before deciding to use another third-party cloud service, we assess both the type of data that would be stored there, as well as that company’s security practices.