Security whitepaper

Data location & Physical security

Our infrastructure hosted on DigitalOcean in the U.S. All of our users' data is being processed in the U.S. DigitalOcean provides 24/7/365 physical security and environmental controls to secure infrastructure from physical threat or impact or unauthorized entry. More details are available from the digitalocean.com/legal webpage.

Data encryption in transit and at rest

All data transmitted between our clients and our applications travels over SSL/TLS 1.2. Also database and backups are encrypted at rest.

Access control

We practice least privilege and role-based control when accessing to all systems. Multi-factor authentication is mandatory for all employees for access to systems with sensitive data, including our stage and production environment. Also we use personal private access keys for authentication and unique login/password pair.

Development lifecycle security

We use Bitbucket tools for version control, build and delivery code to production. After feature is ready CI runs unit tests and pushes code to our stage environment where we make tests. If there are no issues found we prepare release candidate for next release. All code is reviewed by a team before commit.

Incident management

All security incidents are rapidly investigate. All affected by an incident customers will be informed via email as soon as possible.

For any questions, you can contact us at support@yougood.one.