Security

Last updated 7th March, 2019

About

Statusbrew aims to help businesses of all sizes become better marketers, create stronger relationships with their customers, be more informed decision makers, and create the world’s most beloved brands.

Statusbrew maintains organizational and technical measures to protect the information you provide to us from loss, misuse, and unauthorized access or disclosure. These measures take into account the sensitivity of the information Statusbrew collects, processes and stores; the current state of technology; the costs of implementation; and the nature, scope, context, and purposes of the data processing Statusbrew engages in.

GDPR Compliance

The EU’s General Data Protection Regulation (GDPR) took effect on May 25, 2018, and we fully support the spirit of these rules for a safe and secure Internet. We aspire to embrace privacy by design and, whenever possible, to avoid collecting and storing personally identifiable information.

Our Privacy Policy describes the few instances where personally identifiable information is required. Typically this is an email address in order to log in to Statusbrew, or a social network username in order to manage your account.

Overall, we aim for privacy by default: if data collection is not integral to the way our product works, then we won’t collect it. This approach has felt very much in line with the spirit of GDPR, and we’re fortunate that a lot of these data collection practices have been in place at Statusbrew for some time. As such, you may see a few banners or forms requesting consent for us to collect personally identifiable information for tracking or other purposes. We don’t deem this information necessary to provide Statusbrew's service to you, and we choose not to engage in activities and strategies that make this data relevant.

We commit to displaying a list of all current sub-processors in use by Statusbrew. A sub-processor is any third party with which we share personally identifiable information.

Here is that list:

  • AWS
  • Baremetrics
  • Google
  • Hotjar
  • Intercom
  • Sendgrid
  • Stripe
  • Statismeter
  • Segment
  • Pipedrive
  • Zendesk

At any time, you may request that your information be exported and sent to you for review, and we promptly honor any request by you to have your information deleted and forgotten. Mail us with your requests at support@statusbrew.com.

Data Processing Addendum (DPA)

Statusbrew makes available a Data Processing Addendum (DPA) for GDPR. The GDPR DPA and some FAQs are available to all of our customers. If you would like to enter into the GDPR DPA with Statusbrew, please email us and we will promptly send you Statusbrew’s Data Processing Addendum for you to complete, sign and return to us.

Confidentiality

Statusbrew maintains appropriate controls to restrict its employees’ access to the Customer Content that you and your Authorized Users make available via the Statusbrew Services, and to prevent access to Customer Content by anyone who should not have access to it.

All of Statusbrew's employees are bound by Statusbrew policies regarding the confidential treatment of Customer Content.

Statusbrew employees receive security training during onboarding and on an ongoing basis. Employees are required to read and sign information security policies covering the confidentiality, integrity, availability, and resilience of the systems and services Statusbrew uses in the delivery of the Statusbrew Services. Where applicable, including for particularly sensitive positions, Statusbrew also conducts criminal background checks on employees before employment.

Data Centers

Statusbrew's products are hosted by Amazon Web Services (AWS). AWS provides world-class hosting facilities that are secure, highly available, and redundant, with compliance to Cloud Security Alliance STAR Level 2, ISO 9001, 27001, 27017, 27018, PCI DSS Level 1, and SOC 1, 2, and 3. For more information on AWS's certifications and compliance programs, please visit https://aws.amazon.com/compliance/programs.

Customer data is hosted in the United States, in AWS’s us-east-1 region. Statusbrew has applied for Privacy Shield certification to transfer personal data from the European Union and Switzerland and is GDPR compliant. AWS's data centers are outfitted with world-class physical hosting capabilities. Buildings have temperature and humidity monitoring and management, automatic water detection and removal, and automatic fire detection and suppression. Combinations of multiple power feeds, Uninterruptible Power Supply (UPS) systems, and on-site electrical generators provide layers of backup power.

Application Security

Statusbrew's developers are given annual training on secure coding. All application code is written by Statusbrew employees, and each change undergoes peer review. Security vulnerabilities are promptly triaged and corrected.

Data Encryption

The Statusbrew Services support the latest industry-standard secure cipher suites and protocols to encrypt all traffic in transit. Statusbrew currently supports only TLS 1.2 on its main website and all pages that accept credit card information.

Customer Content is also encrypted at rest, where appropriate and having regard to the nature of the content and associated risks. Almost all of the information Statusbrew processes is already publicly available elsewhere and so there are no associated privacy risks.

Statusbrew monitors the changing cryptographic landscape closely and makes commercially reasonable efforts to upgrade the Statusbrew Services to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve.

Third-party penetration testing

Statusbrew contracts with multiple penetration testing vendors to conduct several tests per year.

PCI DSS

When payments are processed via credit card, Statusbrew uses third-party vendors that are PCI DSS compliant. At no point does Statusbrew store, transmit, or process your credit card information; Statusbrew simply stores anonymous tokens that identify the applicable processed transactions.

Product Security Features

Secure Credential Storage

Account passwords are salted and hashed using the latest strong algorithms and approaches, which are routinely audited. No human, our staff included, can ever view them. If you lose your password, it can't be recovered and must be reset.

Brute-force Protections

In addition to computationally expensive hashing, our authentication services implement additional rate-limiting protections and reCAPTCHA.
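The two properties described above, salted one-way hashing of passwords and rate-limiting of failed logins, are shown together in the following added example. It is illustrative code written for this page, not Statusbrew's implementation: the hashing algorithm (PBKDF2-HMAC-SHA256), the work factor, the lockout threshold and window, and the `AuthService` class are all assumptions chosen for the demonstration. It shows why a stored record cannot be turned back into the password (only reset is possible) and why the limiter is checked before any hashing work is done.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Illustrative parameters (assumptions for this example, not Statusbrew's settings).
# OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations; a lower
# value is used here only so the example runs quickly.
ITERATIONS = 100_000
SALT_BYTES = 16
MAX_FAILURES = 5     # failed attempts tolerated per account within WINDOW seconds
WINDOW = 300


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record of the form 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    A fresh random salt per account means two users with the same password get
    different records, and the digest is one-way: the plaintext cannot be
    recovered from it, so a forgotten password can only be reset.
    """
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the record's own salt and iteration count."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison so response time does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Record used when the username is unknown, so a login attempt costs the same
# hashing work whether or not the account exists.
DUMMY_RECORD = hash_password("not-a-real-password")


@dataclass
class AuthService:
    """Hypothetical login front end: salted hashing plus a per-account failure limiter."""
    records: Dict[str, str] = field(default_factory=dict)        # username -> hash record
    failures: Dict[str, List[float]] = field(default_factory=dict)  # username -> failure times
    clock: Callable[[], float] = time.monotonic                   # injectable for testing

    def register(self, user: str, password: str) -> None:
        self.records[user] = hash_password(password)

    def _recent_failures(self, user: str) -> int:
        now = self.clock()
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW]
        self.failures[user] = recent
        return len(recent)

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' or 'rate_limited'."""
        if self._recent_failures(user) >= MAX_FAILURES:
            return "rate_limited"          # refuse before spending any hashing work
        record = self.records.get(user, DUMMY_RECORD)
        matched = verify_password(password, record)
        if matched and user in self.records:
            self.failures.pop(user, None)  # a successful login clears the counter
            return "ok"
        self.failures.setdefault(user, []).append(self.clock())
        return "denied"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery staple")
    print(svc.records["alice"])                           # salted, one-way record
    print(svc.login("alice", "correct horse battery staple"))  # ok
```

The limiter here is per account and in memory; a real deployment would also key on source address and keep the counters in shared storage so that every login node sees the same view, and a CAPTCHA challenge such as the one the text mentions would typically be triggered at the same threshold rather than (or before) a hard lockout.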

Approval Workflows

Account Owners and Administrators may restrict certain activities behind approval workflows. These allow for tasks to be divided amongst a team, with the peace of mind that central decision makers may review and control public-facing actions.

Access Permissions

Account Owners and Administrators may restrict access to profiles, features, actions (including read and write), and other data, by applying granular controls to users on their account.

Email Signing

Statusbrew implements Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to ensure emails we send are authenticated as coming from Statusbrew, helping to prevent spoofing and ensure authenticity.