Audiense is hosted on Amazon Web Services cloud platform. This places your data in their US data centres. At the time of writing, we use their Virginia and California data centres.
Using AWS means we take advantage of their rigorous security standards and reliance, servers and firewalls are always up to date. You can read more about their specific standards and procedures here: https://aws.amazon.com/security/
All our payments are processed through Recurly https://recurly.com/. They are a PCI-DSS Level 1 compliant organisation – the most stringent certification level available in the payment industry.
Using Recurly means we don’t need to store your payment card details, they are sent encrypted direct to Recurly, we don’t store them anywhere.
You can read more about security at Recurly here: https://recurly.com/security/
We hash your passwords using a key derivation function, but that’s no reason not to create a strong password in the first instance. Although we put some constraints in our passwords, we encourage you to understand, and educate your employees on what makes a strong password, and use them accordingly.
Keeping customer data safe is a huge responsibility and our top priority. We work hard to protect our customers data from the latest threats. This is not a one time effort, it’s a continual process that we monitor and work on.
Security issues come to light through different means and activities, from articles in technical press, discovery during routine work, and through our internal reviews and vulnerability scans.
When we discover a security threat we follow this process:
Every change in the source code has to pass through testing, quality control, quality assurance where we look for malicious code, back doors, easter eggs, and logic flaws. As part of our security review, we follow the OWASP Application Security Verification Standard (ASVS) Project as a guide to security control. The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
Send all security concerns directly to us at firstname.lastname@example.org We’ll get back to you as soon as we can. Feel free to tweet us too https://twitter.com/audienseco