Security and privacy are core to Activity Messenger. The data you import is kept secure and private.
- The platform is hosted on AWS, a leading reputated cloud provider. Security and Compliance is shared between AWS and Activity Messenger as described in the Shared Responsibility Model.
- We follow AWS Security Best Practices to ensure no outside party can access the application code and the database.
- The web server, the database, and file storage are 100% stored and replicated in Canada (AWS ca-central-1).
Protection from Data Loss, Corruption
- We perform database backup and mirroring to mitigate the risk of data loss.
- We have multiple layers of logic to seggregate account information at the application level.
- We have a documented disaster recovery procedure that is regularly tested.
Application Level Security
- We use a robust framework for authentication and account segregation. Updates are regularly applied to remain up to date.
- Passwords are hashed and not accessible to anyone. If you lose your password, using the reset password mechanism is the only way to access your account.
- Communication between your browser and our server is always encrypted. All pages pass data through TLS (HTTPS).
- The platform implements CSRF (cross-site request forgery) protection on every page to mitigate against man-in-the-middle attacks.
PCI DSS Certification
- We use Stripe, a leading PCI DSS compliant payment provider, to process payments. Credit card information never touches our servers. We do not keep credit card information.