How We Secure Your Data
Security is an ongoing process. Because new exploits are being developed and
cleverer ways to trick someone out of their password, security isn't "set and forget"
but a matter of constant vigilance.
We apply strong security principles, writing software in a guarded and cautious way
but we don't assume that's enough. We pay attention to signs of trouble, and respond quickly
if a client points anything out that's suspicious. Should a security issue occur,
our action plan involves notifying any parties impacted and a review of how we can prevent
that kind of problem in the future.
Should you notice a vulnerability or something suspicious, please let us know
using this form.
Here are the principles our security is built around:
SSL (https) Encryption
We use industry-standard https encryption to ensure nothing is sent or received in "plain text".
Check for a padlock icon in your browser to confirm an encrypted connection.
All inputs are carefully validated and we're across sneaky things like injection or XSS attacks.
2-Factor Authentication (2FA)
A second means of identification helps ensure a compromised password isn't enough for someone to access your account.
We send a text message to your phone, so there's a second identity check and a text warning to you if someone else
is trying to log into your account.
Content is separated into separate "rooms".
Each Room is invitation-only so its admins have full control over who has access to the content in that room.
User Activity Logging
User activity is logged so we can track down anything suspicious
We maintain daily offsite backups to ensure your information isn't just private, it's also safe from
accidents or data corruption.
Should you wish to discontinue using our online services just let us know and we'll take down your content, typically within a week. No fuss.
You Play a Key Role in Your Security
You are a part of our security system, and your actions can strengthen or weaken your security:
- Do not hand out login information to others. Actual admins will never ask for your password
- Choose a strong password for your account
- Ensure your email account has a different, strong password
- When you download documents (eg, a pdf) you take on responsibility for its storage and disposal