We understand that your data is vital to your business. At Status.io, safeguarding your data is our top priority. Here’s how we ensure the security and integrity of your information:
Hardened Systems: Our installations use hardened, patched operating systems to reduce vulnerabilities.
Firewall & VPN Protection: Dedicated firewalls and VPN services block unauthorized access to our systems.
Primary Data Centers: Powered by Amazon Web Services (AWS), with ISO 27001 and ISO 27018 certifications.
Secondary Data Centers: Powered by DigitalOcean, with ISO 27001 certification and SOC 2 Type II compliance.
Access Logging: All system access is logged and tracked for auditing purposes.
Secure Document Disposal: Sensitive documents are securely destroyed following strict policies.
Change Management: Fully documented change-management procedures ensure system integrity.
Data Transmission: All private data is transmitted over encrypted TLS/SSL connections (e.g., your dashboard is served over HTTPS).
Virtual User Accounts: No direct user accounts exist on server instances, ensuring an additional layer of protection.
Code Storage: All code is stored on at least three servers, including off-site backups.
Customer Data: Data is backed up hourly, encrypted, and stored across multiple geographic locations.
Backup Retention: We do not retroactively delete data from backups after user deletion requests.
Limited Access: Employees do not access private customer data unless necessary for support purposes.
Support Protocols: Staff may log into your account only to address specific support issues. Access to sensitive data is only granted with your consent and is strictly limited to what is required for resolution.
Respect for Privacy: We prioritize your privacy and handle data with care during support interactions.
Brute Force Protection: Login attempts are rate-limited to prevent brute-force attacks.
Password Encryption: All passwords are one-way hashed using bcrypt and are never logged.
Multi-Factor Authentication (MFA): Enhance your account security by enabling MFA, which requires both your password and a security code from your MFA device.
Continuous Testing: All new features are rigorously tested to identify and mitigate potential vulnerabilities.
Penetration Testing: We partner with reputable security firms to conduct penetration testing and ongoing audits.
Secure Payments: We do not store credit card information on our servers. Payments are securely processed by Stripe, Inc., which uses PCI-compliant servers to handle sensitive payment data.
We are committed to maintaining the highest security standards to protect your data and give you peace of mind. If you have any questions about our security practices, feel free to contact us.