Last updated: 01 February 2019
At Suggested we take the security and integrity of your data very seriously. We have put controls in place to make sure your data is safe, covering the technical aspects of providing our service all the way up to our team.
Email/password login - We enforce a minimum of 8 characters for passwords, and they are always stored encrypted at rest (see below).
Social login - We provide integrations for logging in with Google, Facebook and GitHub using the OAuth2 mechanism.
Passwords - If you log in with a password, we use a PBKDF (password-based key derivation function) to derive the credential that is stored at rest. Passwords are never stored in clear text.
Data hosting and storage - Our servers are hosted with DigitalOcean. Access to these servers is restricted to Suggested's team members who need it to perform their job. More information about DigitalOcean's security policy can be found here.
Website - All data transmitted from your browser to Suggested's servers is encrypted with SSL.
APIs - Our application and API endpoints are encrypted with SSL/TLS.
Incident response - We have an internal process to handle security events.
Backups - Suggested uses a SQL database to manage customer data. Data is backed up daily to a separate data center to ensure safety.
Permissions - Your data is only accessible to key Suggested team members who require it for their job. We only access your private data in case of an issue, where it is absolutely necessary and as a last resort.
PCI - All payments go through our payment processor - Stripe. Details about their security setup and PCI compliance can be found at Stripe's security page.