Security at Status.io
We know your data is extremely important to you and your business, and we're very protective of it.
System security
System installation using hardened, patched OS.
Dedicated firewall and VPN services to help block unauthorized system access.
Operational security
Our primary data center operations are powered by Amazon Web Services (AWS' ISO 27001 certification, AWS' ISO 27018 certification).
Systems access logged and tracked for auditing purposes.
Secure document-destruction policies for all sensitive information.
Fully documented change-management procedures.
Communications
All private data exchanged with Status.io is always transmitted over TLS/SSL (which is why your dashboard is served over HTTPS, for instance).
All users are virtual (meaning they have no user account on our server instances).
File system and backups
Every line of code we store is saved on a minimum of three different servers, including off-site backups. Customer data is backed up hourly and stored encrypted in multiple geographic locations. We do not retroactively remove data from backups when deleted by the user.
Employee access
No Status.io employees ever access private customer data unless required to for support reasons. Support staff may log into your account to access settings related to your support issue. In rare cases staff may need to access your data, this will only be done with your consent. When working a support issue we do our best to respect your privacy as much as possible, we only access the data and settings needed to resolve your issue.
Maintaining security
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over TLS/SSL.
We also allow you to use multi-factor authentication, or MFA, as an additional security measure when accessing your Status.io account. Enabling MFA adds security to your account by requiring both your password as well as access to a security code on your MFA hardware device to access your account.
We always test new features in order to rule out potential attacks.
We also maintain relationships with reputable security firms to perform penetration testing and ongoing audits of Status.io.
Credit card safety
When you sign up for a paid account on Status.io, we do not store any of your card information on our servers. It's handed off to Stripe, Inc., a company dedicated to storing your sensitive data on PCI-Compliant servers.
System security
System installation using hardened, patched OS.
Dedicated firewall and VPN services to help block unauthorized system access.
Operational security
Our primary data center operations are powered by Amazon Web Services (AWS' ISO 27001 certification, AWS' ISO 27018 certification).
Systems access logged and tracked for auditing purposes.
Secure document-destruction policies for all sensitive information.
Fully documented change-management procedures.
Communications
All private data exchanged with Status.io is always transmitted over TLS/SSL (which is why your dashboard is served over HTTPS, for instance).
All users are virtual (meaning they have no user account on our server instances).
File system and backups
Every line of code we store is saved on a minimum of three different servers, including off-site backups. Customer data is backed up hourly and stored encrypted in multiple geographic locations. We do not retroactively remove data from backups when deleted by the user.
Employee access
No Status.io employees ever access private customer data unless required to for support reasons. Support staff may log into your account to access settings related to your support issue. In rare cases staff may need to access your data, this will only be done with your consent. When working a support issue we do our best to respect your privacy as much as possible, we only access the data and settings needed to resolve your issue.
Maintaining security
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over TLS/SSL.
We also allow you to use multi-factor authentication, or MFA, as an additional security measure when accessing your Status.io account. Enabling MFA adds security to your account by requiring both your password as well as access to a security code on your MFA hardware device to access your account.
We always test new features in order to rule out potential attacks.
We also maintain relationships with reputable security firms to perform penetration testing and ongoing audits of Status.io.
Credit card safety
When you sign up for a paid account on Status.io, we do not store any of your card information on our servers. It's handed off to Stripe, Inc., a company dedicated to storing your sensitive data on PCI-Compliant servers.