Security at Status.io

We know your data is extremely important to you and your business, and we're very protective of it.

Need to report a security vulnerability?
Please visit our vulnerability disclosure article to submit a vulnerability report.

System security
System installation using hardened, patched OS.

Dedicated firewall and VPN services to help block unauthorized system access.

Operational security
Our primary data center operations are powered by Amazon Web Services (view AWS' ISO 27018:2014 certification).

Systems access logged and tracked for auditing purposes.

Secure document-destruction policies for all sensitive information.

Fully documented change-management procedures.

Communications
All private data exchanged with Status.io is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance).

All users are virtual (meaning they have no user account on our server instances).

File system and backups
Every piece of hardware we use has an identical copy ready and waiting for an immediate hot-swap in case of hardware or software failure. Every line of code we store is saved on a minimum of three different servers, including an off-site backup. We do not retroactively remove data from backups when deleted by the user.

We do not encrypt status page data on disk because it would not be any more secure; the website and back-end would need to decrypt the data on demand, slowing down response times. Any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our machines and network as secure as possible.

Employee access
No Status.io employees ever access private customer data unless required to for support reasons. Support staff may log into your account to access settings related to your support issue. In rare cases staff may need to access your data, this will only be done with your consent. When working a support issue we do our best to respect your privacy as much as possible, we only access the data and settings needed to resolve your issue.

Maintaining security
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over SSL.

We also allow you to use two-factor authentication, or 2FA, as an additional security measure when accessing your Status.io account. Enabling 2FA adds security to your account by requiring both your password as well as access to a security code on your 2FA hardware device to access your account.

We always test new features in order to rule out potential attacks.

We also maintain relationships with reputable security firms to perform regular penetration tests and ongoing audits of Status.io.

Credit card safety
When you sign up for a paid account on Status.io, we do not store any of your card information on our servers. It's handed off to Stripe, Inc., a company dedicated to storing your sensitive data on PCI-Compliant servers.

Contact Us
Have a question, concern, or comment about Status.io security? Please email security@status.io.