We understand that your data is vital to your business. At Status.io, safeguarding your data is our top priority. Here’s how we ensure the security and integrity of your information:
Hardened Systems: Our installations use hardened, patched operating systems to reduce vulnerabilities.
Firewall & VPN Protection: Dedicated firewalls and VPN services block unauthorized access to our systems.
Primary Data Centers: Powered by Amazon Web Services (AWS), with ISO 27001 and ISO 27018 certifications.
Secondary Data Centers: Powered by DigitalOcean, with ISO 27001 certification and SOC 2 Type II compliance.
Secure Multi-Tenant Architecture: Our multi-tenant architecture ensures data isolation with rigorous unit testing and layered safeguards at the database and application levels.
Access Logging: All system access is logged and tracked for auditing purposes.
Strict Data Handling Policy: Production data is never copied to external devices, including personal computers.
Your Data Stays Private: We do not sell, rent, or share your data with third parties. Any information we collect is solely used to enhance our services, improve system performance, and provide you with the best possible support experience. Your privacy is our priority. For a detailed breakdown of the data we collect, please refer to our Privacy Policy.
Secure Document Disposal: Sensitive documents are securely destroyed following strict policies.
Change Management: Fully documented change-management procedures ensure system integrity.
Audit Logs: Customers have access to detailed audit logs that track all account activities. These logs provide visibility into actions performed, helping you monitor usage, identify potential issues, and maintain compliance.
Data Transmission: All private data is transmitted over encrypted TLS/SSL connections (e.g., your dashboard is served over HTTPS).
Virtual User Accounts: No direct user accounts exist on server instances, ensuring an additional layer of protection.
Disaster Recovery Plan: We have a comprehensive disaster recovery plan in place to ensure continuity during catastrophic events. Our systems are designed with failover mechanisms and geographically distributed backups to minimize downtime and maintain access to critical data and services.
Customer Data: Your data is backed up hourly, encrypted for security, and distributed across multiple geographic locations for maximum reliability.
Code Storage: We store all code on at least three servers, including secure off-site backups, to ensure redundancy and availability.
Backup Integrity Testing: Our backups are regularly tested for reliability and recoverability to ensure they can be restored when needed. This includes validating the integrity of stored data and performing simulated recovery scenarios to verify the effectiveness of our processes.
Security Training: All employees undergo regular security awareness training to stay informed about the latest threats, best practices, and incident reporting procedures. This ensures everyone on our team is prepared to identify and respond to potential security risks effectively.
Limited Access: Employees do not access private customer data unless necessary for support purposes.
Support Protocols: Staff may log into your account only to address specific support issues. Access to sensitive data is only granted with your consent and is strictly limited to what is required for resolution.
Respect for Privacy: We prioritize your privacy and handle data with care during support interactions.
Employee Device Security: We enforce strict policies to secure employee devices, including mandatory encryption, strong access controls, and remote wipe capabilities. These measures help protect sensitive information, even in the event of a lost or compromised device.
Two-Factor Authentication: We secure access to servers, datastores, source code, and third-party tools using robust two-factor authentication methods, avoiding SMS-based options whenever possible.
Employee-Only, US-Based Team: We do not hire contractors; all of our team members are full-time employees based in the United States.
Brute Force Protection: Login attempts are rate-limited to prevent brute-force attacks.
Password Hashing: Passwords are securely hashed using industry-standard bcrypt and are never logged or stored in plain text. All secrets are encrypted both in transit and at rest to ensure maximum security.
Multi-Factor Authentication (MFA): Enhance your account security by enabling MFA, which requires both your password and a security code from your MFA device.
Secure Development: We follow strict secure coding practices to minimize vulnerabilities and ensure the safety of our systems. Our developers undergo regular security training to stay updated on the latest threats and best practices, fostering a culture of security throughout the development process.
Source Code Review and Automated Testing: We conduct regular source code reviews and leverage automated testing tools to identify and address potential vulnerabilities.
Continuous Testing: All new features are rigorously tested to identify and mitigate potential vulnerabilities.
Penetration Testing: We partner with reputable security firms to conduct penetration testing and ongoing audits.
Vendor Risk Management: We carefully evaluate all third-party services and vendors to ensure they meet strict security standards. This includes reviewing their security certifications, compliance policies, and operational practices to minimize potential risks.
API Security: Our APIs are secured with robust authentication, rate limiting, and continuous monitoring. These measures prevent unauthorized access, protect against abuse, and ensure reliable performance for your integrations.
Redundancy: Our systems are built with redundancy at every level to ensure high availability and prevent downtime. Critical components are replicated across multiple servers and geographic locations to maintain seamless operations.
Failover Mechanisms: We utilize both hot and cold failover systems to handle unexpected failures. Hot failover ensures immediate switching to backup systems without interruption, while cold failover provides additional standby capacity that shortens the time needed to restore operations during catastrophic events.
Incident Detection: We use monitoring tools and alert systems to track system activity and detect potential breaches in real-time. If anything unusual is detected, our security team is alerted immediately to respond and protect your data.
Incident Management: We have a clear process for handling security incidents. When an issue is detected, our team investigates and resolves it quickly to reduce impact. If customers are affected, we notify them with updates and explain the steps taken to fix the problem. Our goal is to address incidents swiftly and transparently while maintaining the security and trust of our users.
Secure Payments: We do not store credit card information on our servers. Payments are securely processed by Stripe, Inc., which uses PCI-compliant servers to handle sensitive payment data.
What Data Do We Collect? We only collect information necessary to improve our product, monitor system performance, and provide efficient support when needed. This includes events such as API requests and similar interactions with the system. For a detailed breakdown of the data we collect, please refer to our Privacy Policy.
Where Is Data Stored? Your data is securely stored in data centers located in the United States, Canada, and Ireland. These geographically distributed locations ensure reliability, redundancy, and compliance with global standards.
Do We Use a CDN? We leverage AWS CloudFront, a global content delivery network (CDN), to enhance the security and resilience of our services. CloudFront protects against DDoS attacks, ensures encrypted data transmission, and accelerates content delivery by caching it across multiple edge locations worldwide. This robust infrastructure minimizes downtime, enhances performance, and keeps your data secure.
We are committed to maintaining the highest security standards to protect your data and give you peace of mind. If you have any questions about our security practices, feel free to contact us.