We have robust processes in place for data protection and security. All communication between your computer and 10to8 is encrypted. We use bank-grade encryption and certificates: Extended Validation certificates with 4096-bit keys, and we conform to Perfect Forward Secrecy (PFS) guidelines. Your data is hosted in a secure hosting facility and regularly backed up.
We protect against data tampering and eavesdropping by using high-grade (Class-4) SSL certificates and HTTPS to encrypt all data in transit outside our network. We check our SSL security using impartial third-party verification tools, for example: https://www.ssllabs.com/ssltest/analyze.html?d=10to8.com
Encrypted data includes data between our servers and our customers’ browsers, mobile phones, and our static storage system (Amazon Web Services (AWS) S3 and CloudFront), as well as all data sent to third-party services (push notifications, SMS gateways, email gateways, and external calendar services).
Data in transit between our systems (for backups, background tasks, etc.) never leaves our secure network within the AWS cloud.
10to8 is monitored 24 hours a day, 7 days a week, 365 days a year. If something goes wrong, we will be the first to know about it and will have technicians working to fix the problem immediately, no matter when it occurs.
We monitor mailing lists for all our software dependencies to keep track of security notices and keep our software up to date. We also offer a security bounty for users reporting security problems.
10to8 is hosted in AWS, which is a STAR Registrant of the Cloud Security Alliance and meets other security standards: https://cloudsecurityalliance.org/star-registrant/amazon-aws/.
10to8 does not process payments directly and instead relies on integration with the payment platform Stripe. PCI compliance is handled by Stripe, cf. https://stripe.com/docs/security and http://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe
10to8 adheres to all relevant DPA principles. Data from EU customers is stored in the EEA in Amazon’s secure servers in Ireland. Additional restrictions on the movement of data can be put in place, as our system is designed to store data according to various local regulations.
10to8 holds an ISO 27001 certificate and you can find more details in our blog post on ISO 27001.
10to8 data is backed up hourly. Backups are redundantly stored in multiple physical locations.
Our team has the minimal required level of access to customer information to maintain our systems and to assist you appropriately.