Data Center Security
- EarlyPing hosts all of its infrastructure and data in the cloud using Amazon Web Services (AWS).
- We adhere to AWS' best practices, which enables us to benefit from their secure, distributed, and fault-tolerant infrastructure while remaining compliant. More information about Amazon Web Services' security procedures may be found at https://aws.amazon.com/security
- We enlist the assistance of third-party consulting firms to examine our infrastructure in accordance with the AWS Well-Architected standard.
Failover and Disaster Recovery
- Our systems were planned and constructed with disaster recovery in mind.
- Our infrastructure and data are distributed across numerous AWS Availability Zones, and our systems will continue to function even if one or more of those data centres go down for any reason whatsoever.
- To provide high availability, our databases are replicated using hot standby replicas that are placed in multiple data centres.
Virtual Private Cloud
- In our own virtual private cloud (VPC), all of our servers are protected by network access rules that prohibit unwanted connections to internal resources.
Encryption
- The whole EarlyPing application is secured using Transport Layer Security (TLS).
- We maintain an A+ from Qualys/SSL Labs.
- Our databases are protected using encryption both at rest and in transit.
Application Level Security
- Brute force protection is provided for both login pages and logins using the EarlyPing API.
- Passwords are saved in hashed form, making it impossible for us to access or see them.
Vulnerability Scanning
- Our Continuous Integration pipeline uses third-party security technologies to scan for vulnerabilities on a continuous basis.
Protection from Data Loss
- An automated backup system backs up all of our data every day.
- We test our backups on a regular basis to ensure that they are functional and can be quickly restored.
Internal IT Security
- Our software version control system is only accessible to authorised workers.
- When it is practicable, two-factor authentication is used to protect access to servers, source code, and third-party software.
- Employees are provided the bare minimum of access necessary to do their jobs effectively.
- A confidentiality agreement is included in all employment contracts.
PCI Obligations
- When you buy a paid EarlyPing subscription, your credit card information does not pass through our servers and is not retained on them. Instead, we rely on Stripe, a firm that is focused solely on this duty. Stripe has achieved PCI Service Provider Level 1 certification. Stripe's security information may be found at https://stripe.com/help/security/ for more detailed information.
Responsible Disclosure
- We encourage you to email us at security@earlyping.com if you believe you have uncovered a vulnerability in the EarlyPing application. We thoroughly investigate any security problems that are brought to our notice, and we take a proactive approach to security risks as they develop.
Contact Us
If you have any questions, please contact us at hello@earlyping.com. We look forward to hearing from you.