Menu
Speak to the team
SIGN IN

Security Practices

AUDIENSE SECUIRTY PRACTICES  

We host on Amazon Web Services

Audiense is hosted on Amazon Web Services cloud platform. This places your data in their US data centres. At the time of writing, we use their Virginia and California data centres.

Using AWS means we take advantage of their rigorous security standards and reliance, servers and firewalls are always up to date. You can read more about their specific standards and procedures here: https://aws.amazon.com/security/

We don’t store your debit/credit card information

All our payments are processed through Recurly https://recurly.com/. They are a PCI-DSS Level 1 compliant organisation – the most stringent certification level available in the payment industry.

Using Recurly means we don’t need to store your payment card details, they are sent encrypted direct to Recurly, we don’t store them anywhere.

You can read more about security at Recurly here: https://recurly.com/security/

Your passwords are hashed

We hash your passwords using a key derivation function, but that’s no reason not to create a strong password in the first instance. Although we put some constraints in our passwords, we encourage you to understand, and educate your employees on what makes a strong password, and use them accordingly.

Keeping your data secure

Keeping customer data safe is a huge responsibility and our top priority. We work hard to protect our customers data from the latest threats. This is not a one time effort, it’s a continual process that we monitor and work on.

Security issues come to light through different means and activities, from articles in technical press, discovery during routine work, and through our internal reviews and vulnerability scans.

How we deal with security issues  

When we discover a security threat we follow this process:

  1. Understand the nature of the threat.
  2. Assess the risk of the threat to our customers data – bearing in mind the likelihood of breach and the impact of a possible breach.
  3. Scope the work required to mitigate or eliminate the risk.
  4. Prioritise any work according to the results of this risk assessment.
  5. Once the issue is resolved we’ll post an update on Twitter and Email.

Security Practices 

Every change in the source code has to pass through testing, quality control, quality assurance where we look for malicious code, back doors, easter eggs, and logic flaws. As part of our security review, we follow the OWASP Application Security Verification Standard (ASVS) Project as a guide to security control. The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.

Reporting Security Problems 

Send all security concerns directly to us at help@audiense.com We’ll get back to you as soon as we can. Feel free to tweet us too https://twitter.com/audienseco