Security

Security and privacy are core to Activity Messenger. The data you import is kept secure and private.


Cloud Security

  • The platform is hosted on AWS, a leading reputated cloud provider. Security and Compliance is shared between AWS and Activity Messenger as described in the Shared Responsibility Model.
  • We follow AWS Security Best Practices to ensure no outside party can access the application code and the database.

Data Storage

  • The web server, the database, and file storage are 100% stored and replicated in Canada (AWS ca-central-1).

Protection from Data Loss, Corruption

  • We perform database backup and mirroring to mitigate the risk of data loss.
  • We have multiple layers of logic to seggregate account information at the application level.
  • We have a documented disaster recovery procedure that is regularly tested.

Application Level Security

  • We use a robust framework for authentication and account segregation. Updates are regularly applied to remain up to date.
  • Passwords are hashed and not accessible to anyone. If you lose your password, using the reset password mechanism is the only way to access your account.
  • Communication between your browser and our server is always encrypted. All pages pass data through TLS (HTTPS).
  • The platform implements CSRF (cross-site request forgery) protection on every page to mitigate against man-in-the-middle attacks.

PCI DSS Certification

  • We use Stripe, a leading PCI DSS compliant payment provider, to process payments. Credit card information never touches our servers. We do not keep credit card information.