We would like to make two things clear. First, we respect your privacy and take significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about.
Keeping our customers’ data secure is the most important thing that FlowMapp does. We go to considerable lengths to ensure that all data sent to FlowMapp is handled securely – keeping FlowMapp secure is fundamental to our business.
Customer Data Security
Our system is tailored to keep customer data sets separate. This means that every cloud instance has a unique database, as well as its own place in the filesystem. Your data will be stored in a database that is yours only and no one else can access it (except our personnel, if you grant access). Thus, no data overlapping is possible and you can be sure that your it will never end up in someone else’s hands.
We make sure that every under-the-hood service needed to run our cloud is up-to-date. The same goes for the application itself, which always runs the latest version of FlowMapp. The cloud is also the first place that gets security fixes.
Every connection to your cloud account is SSL only. Non-encrypted communication is not allowed. We also follow all best HTTPS security practices. That means we use HTTP Strict Transport Security as well as Forward secrecy. Strong AES256 encryption is used to handle the transmission (some older browsers fallback to the AES128 cipher, which is still strong enough).
Full Redundancy and Backup
All cloud systems are redundant. We use a multiple layer infrastructure architecture – load balance, application, database, storage layer. Every layer is replicated. Along with the standard MySQL replication, we even utilize a delayed MySQL replica, which leaves us time to go back in time if needed, without restoring backups (which would be more time consuming).
Backups are done regularly over the day, on-site as well as off-site.
Our system is monitored around the clock, using internal as well as external services. In case of a problem, we get a report in real time and are instantly ready to take care of any potential issues.
We have uptime of 99.9% or higher. You can check our past month stats at http://stats.pingdom.com/
Firewalled and Secured Access
The whole system is behind a firewall. Just the necessary ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is enabled only over a VPN connection.
The server systems are located in Canada. Access is strictly monitored. To avoid any intrusions or risks, each perimeter is secured with barbed wire fences. The area is also monitored by constant video surveillance and motion detection sensors. Activity both within and outside of the datacentres is monitored and recorded on secure servers, with surveillance teams working on site, 24/7.
In order to control and monitor access to the OVH premises, strict security procedures have been put in place. Each staff member receives a RFID name badge, which is also used to restrict their access. Employee access rights are reassessed regularly, according to their remit. To access the premises, employees must hand in their badges for verification before passing through the security doors.
The data centres have an even higher level of protection, as only authorized personnel can gain entry. OVH installations are strictly for our own use.
FlowMapp is not subject to PCI obligations. All payment instrument processing is outsourced to FastSpring.