How We Secure Your Data
Security is an ongoing process. Because new exploits are being developed and cleverer ways to trick someone out of their password, security isn't "set and forget" but a matter of constant vigilance.
We apply strong security principles, writing software in a guarded and cautious way but we don't assume that's enough. We pay attention to signs of trouble, and respond quickly if a client points anything out that's suspicious. Should a security issue occur, our action plan involves notifying any parties impacted and a review of how we can prevent that kind of problem in the future.
Should you notice a vulnerability or something suspicious, please let us know using this form.
Here are the principles our security is built around:
SSL (https) Encryption
We use industry-standard https encryption to ensure nothing is sent or received in "plain text". Check for a padlock icon in your browser to confirm an encrypted connection.
All inputs are carefully validated and we're across sneaky things like injection or XSS attacks.
2-Factor Authentication (2FA)
A second means of identification helps ensure a compromised password isn't enough for someone to access your account. We send a text message to your phone, so there's a second identity check and a text warning to you if someone else is trying to log into your account.
Australian Data Center
Our data is kept on servers operated by Cloudways, who also take security seriously. We've selected only Australian servers to ensure additional jurisdictional and geographic certainty.
Content is separated into separate "rooms". Each Room is invitation-only so its admins have full control over who has access to the content in that room.
User Activity Logging
User activity is logged so we can track down anything suspicious
We maintain daily offsite backups to ensure your information isn't just private, it's also safe from accidents or data corruption.
Should you wish to discontinue using our online services just let us know and we'll take down your content, typically within a week. No fuss.
You Play a Key Role in Your Security
You are a part of our security system, and your actions can strengthen or weaken your security:
- Do not hand out login information to others. Actual admins will never ask for your password
- Choose a strong password for your account
- Ensure your email account has a different, strong password
- When you download documents (eg, a pdf) you take on responsibility for its storage and disposal