Customer journey maps and personas can be full of sensitive data that you don't want leaked. At UXPressia, we take confidentiality and security very seriously, and there are a number of measures we take to keep your data protected and secure.
Measures we take:
- We ensure the platform can be restored quickly in case of an emergency by creating daily backups of the entire system and all customer data.
- Our entire code base gets patches, vulnerability scans and security audits on a regular basis.
- To prevent any unauthorized activity, all access to our server, the admin panel, and the rest of the system is constantly being logged and tracked.
- We use an Intrusion Prevention System (IPS) so that any remotely suspicious activity/traffic triggers an immediate alert.
- We keep our system protected by a strong server-side firewall.
- We keep our development, testing, and production environments and databases separated to ensure that every update and patch is fully tested before it goes live.
- We make sure that all security settings in our software are constantly enabled.
- We make sure that every connection you make to each UXPressia page is safe by using SSL certificates on our servers.
- We access our internal collaboration tools via the HTTPS protocol only, which provides a secure environment and eliminates any possibility of hacking.
- A Representational State Transfer (REST) interface provides another level of security by checking the user's login status before processing every single request.
- We connect to the production server only via SSH2 using DSA keys, which eliminates the possibility of phishing our passwords.
How we treat passwords:
- User passwords are always stored encrypted (using BCRYPT), which ensures their safety and eliminates the risks of being deciphered.
- Your passwords are filtered from all our logs so we don't have any access to them.
- Our internal passwords are extremely strong and can be accessed only by a limited number of our engineers.
- All vendor-supplied default passwords to our operating system, network devices, and database management application have been changed or disabled, providing an additional layer of security for the entire system.
How we deal with the human factor:
Any system, however secure it might be, can be compromised when there's a human factor in play. So here's a snapshot of what we do in order to cross out the human factor:
- Only the CEO, the CTO and a limited circle of engineers have access to production server passwords.
- Once an employee leaves the company or changes their position, we immediately remove/modify their access.
- We limit access to development and test environments to a very narrow circle of engineering personnel.
Credit card safety:
When you enter your payment card details on the billing page, we do not store any of your card information on our servers. Instead, it is passed to the Stripe payment processing system. Companies like Facebook, Kickstarter, Slack or UNICEF use Stripe as well. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Now that GDPR is here, we updated our system and our policies in compliance with the new rules. And here are some reads if you're interested to know how GDPR-compliant we are at UXPressia:
Our hosting provider:
Our system and database run on DigitalOcean servers based in the UK. Here are some of their security measures:
- Enforcing multiple layers of security via a variety of technological and human measures in each of the facilities where they colocate.
- Storing all equipment in locked cages.
- Enforcing strict filtering rules to ensure that application parts can only communicate using their allowed IP addresses.