Need to report a security vulnerability?
Papa Tools's Security Checklist
- Physical Security
- Access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
- Data centers are housed in nondescript facilities.
- System Security
- All servers use optimized, hardened, up-to-date operating systems.
- All resources are logically isolated via a Virtual Private Cloud (VPC).
- Improved resiliency against Distributed Denial of Service (DDoS) attacks.
- Multi-layer firewall protection.
- Operational Security
- Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.
- All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
- Data centers only provide data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee.
- All physical access to data centers by employees is logged and audited routinely.
- Software Security
- Web application firewall that helps protect the web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
- Papa Tools staff monitor the individual communities of the provided applications and proactively apply any available patches or updates.
- All data exchanged with Papa Tools is always transmitted over SSL. We ensure that your browser is using the HTTPS protocol for every request whether it contains sensitive information or not.
- The connection uses TLS 1.2 and is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism.
- File System and Backups
- The database and the CDN (Content Delivery Network) storage disks are encrypted using AES-256.
- Only a few, highly trusted individuals have access to client files. Backups are stored on AES-256 encrypted disks.
- We hold at least three (3) copies of any file at geographically distinct locations at any given time.
- Employee Access
- Employees are not allowed to transfer/copy data outside of our isolated environment to local storage media for offline backup purposes without supervision.
- In the rare case that a Papa Tools employee needs access to a client's data to solve a reported issue, the client's consent will be required.
- Maintaining Security
- Routine security checkups performed by our in-house security experts.
- External security firms regularly perform penetration tests and ongoing audits of Papa Tools and its code.
- Credit Card Safety
- Papa Tools does not store credit card information on its network. All payments are handled via PayPal and Stripe. The information is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
Have questions or concerns about Papa Tools security? Feel free to contact us.