Last updated: 01 June 2021
Please visit our security page: https://www.podaris.com/.well-known/security.txt
for information about our responsible disclosure process and to submit a vulnerability report.
We require users to authenticate themselves and establish a secure, encrypted connection in order to send data to Podaris.
Our web services are protected by industry standard firewalls, which limit non-essential connections/communications with devices outside of Podaris’s secure network.
We protect authentication tokens from other, potentially malicious websites.We enforce HTTP Strict Transport Security and take measures to prevent Cross-site Scripting attacks.
Data on disk is encrypted using 256-bit AES encryption.
When you sign up for a paid account on Podaris, we do not store any of your card information on our servers. Customer card data and payment processing is handled by Stripe
, a company dedicated to storing your sensitive data on PCI-Compliant servers.
All Project Data on Podaris are backed up multiple times per day, and we maintain a trail of backups for approximately one year. This minimizes the likelihood that Project Data will be accidentally lost. Backups are replicated across multiple, geographically dispersed data centers.
We regularly test our backup restoration procedures.
In general, Podaris personnel are prohibited from viewing your Project Data without your permission, except that Podaris personnel may access your Project Data as reasonably necessary to support, maintain and troubleshoot its systems. If we access your Project Data for these purposes, we will not further disclose your Project Data and will not use it for any other purposes.
If you require a full or partial export of your Project Data stored in Podaris you can use the in-application button to do so at anytime.
An important part of maintaining the security of your Data is being able to authenticate your identity when you access it. We identify you by your email address, which you are required to verify before collaborating with other users. You then set a password to protect your account. We never store passwords on client computers or inside plugins.
. However, Project Data that you created as a collaborator of other projects may continue to be available to them, so as to not disrupt their usage of the service.
Passwords are securely hashed in accordance with industry best practices.We never store passwords in plain text
Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions.
Our services are hosted using Google Cloud Platform's public cloud services.
Systems access is logged and tracked for auditing purposes.
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over SSL.
We make reasonable efforts to monitor our servers 24/7, looking out for any incursion. We will make reasonable efforts to notify you of and respond promptly to any unauthorized use or disclosure of your Data.
Despite all of our efforts described above, we will never be able to absolutely guarantee the security of your Data. You should always take every precaution available to help protect access to your account and ensure the security of your Data. Here are some suggested best practices for helping to keep your account secure:
* Use a strong, secure password for your account.
* Don’t reuse passwords from other sites.
* Don’t share your password with others, including Podaris staff. Podaris staff will never ask for your password.
Avoid accessing Podaris from any computer that is not administered by you or someone you trust.
* When accessing Podaris from shared computers, be sure you logout when done.
* Report security issues/questions. If you have a question, or think you’ve found a problem, please report it to us by emailing firstname.lastname@example.org
Podaris will not be responsible for loss, damage, corruption, theft or unauthorized access of or to your Data that occurs despite Podaris’s precautions described above.
We're extremely concerned and active about security, but we're aware that many companies are not comfortable hosting data outside their firewall. For these companies we offer Podaris:Enterprise On-Site
, a version of Podaris that can be installed to a server within the company's network.