Amoeboids considers the security of our systems and security of customers data to be of the utmost importance.
Hackers also have access to this page and can’t disclose much here, If you have any further questions don’t hesitate to contact us.
Security Practices
Amoeboids uses a variety of tools and techniques to help protect our data and software.
Hosting
We use AWS as infrastructure provider to serve applications. We choose AWS simply because it is secure, it scales and reliable.
How secure AWS is?
Some even say “It is secured better than most banks vault around the world”
AWS Security Whitepaper – AWS canonical whitepaper on its security practices. Continually updated to address the security specifications for every AWS service.
Independent security audits of AWS – AWS provides certification reports that describe how AWS infrastructure meets international security standards, including:
ISO 27001 – a widely recognized international security management standard
SOC – 3rd party examination reports on AWS security and availability controls
FedRamp – the security standard for the federal government
Case studies on AWS security: Financial Industry Regulatory Authority (FINRA), Pacific Life Insurance
Password and Cookies
Password: Your password is never stored or logged in plain text in our system. It is always encrypted using strong algorithm and stored. Even we can not read or recover your password. You always have to reset your password, in case you lost it
Cookies: We do not store sensitive information in cookies. Our cookies are secured and transferred over HTTPS
Data encryption
All data is encrypted during transit using https/SSL. We do not encrypt email and names on server as they are required for search.
Data privacy
here..
Deleting data
We keep data for 90 days post delete company data request. After this company data will be hard deleted from the system permanently.
Porting your data
We support exporting major data (OKR, Users etc) in excel format.
Security Audits
here ..
Database Access
Database access on aws is configured in such a way that, even application on AWS can not access database if it is not a part of designated security group.
How do we prevent unauthorized access from within company?
Only designated person in team can access Database. It is a short lived window and access is granted by our AWS admin, that to based on IP.
Disaster recovery
Although Database is secured on AWS, keeping data ready is ours responsibility. We do take daily backups to avoid any data loss in case of any disaster.
Reporting Security Vulnerabilities
Amoeboids welcomes input from the security research community. Through responsible disclosure we are hoping to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to notify us of any potential vulnerabilities by raising ticket here
Bug Bounties
We will be launching a formal bug bounty program shortly.