Audiense Security Practices
Your data is sent using HTTPS.
When your data is moving between you and us, everything is encrypted and sent securely using HTTPS.
We host on Amazon Web Services
Audiense is hosted on Amazon Web Services cloud platform. This places your data in their US data centres. At the time of writing, we use their Virginia and California data centres.
Using AWS means we take advantage of their rigorous security standards and reliance, servers and firewalls are always up to date. You can read more about their specific standards and procedures here: https://aws.amazon.com/security/
We don’t store your debit/credit card information.
All our payments are processed through Recurly https://recurly.com/. They are a PCI-DSS Level 1 compliant organisation – the most stringent certification level available in the payment industry.
Using Recurly means we don’t need to store your payment card details, they are sent encrypted direct to Recurly, we don’t store them anywhere.
You can read more about security at Recurly here: https://recurly.com/security/
Your passwords are hashed
We hash your passwords using a key derivation function, but that’s no reason not to create a strong password in the first instance. Although we put some constraints in our passwords, we encourage you to understand, and educate your employees on what makes a strong password, and use them accordingly.
Keeping your data secure
Keeping customer data safe is a huge responsibility and our top priority. We work hard to protect our customers data from the latest threats. This is not a one time effort, it’s a continual process that we monitor and work on.
Security issues come to light through different means and activities, from articles in technical press, discovery during routine work, and through our internal reviews and vulnerability scans.
How we deal with security issues
When we discover a security threat we follow this process:
- Understand the nature of the threat.
- Assess the risk of the threat to our customers data – bearing in mind the likelihood of breach and the impact of a possible breach.
- Scope the work required to mitigate or eliminate the risk.
- Prioritise any work according to the results of this risk assessment.
- Once the issue is resolved we’ll post an update on Twitter and Email.
Every change in the source code has to pass through testing, quality control, quality assurance where we look for malicious code, back doors, easter eggs, and logic flaws. As part of our security review, we follow the OWASP Application Security Verification Standard (ASVS) Project as a guide to security control. The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
Reporting security problems
Send all security concerns directly to us at firstname.lastname@example.org We’ll get back to you as soon as we can. Feel free to tweet us too https://twitter.com/audienseco