Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security.
Our servers are hosted by Amazon (AWS), the world's leading cloud infrastructure provider that maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Our application uses Secure Sockets Layer (SSL) encryption protocol on all client-server connections, and we are using automated daily complete data backups. Without going into too many technical details, all customer data is stored in a database that is hosted on a dedicated database server on AWS (RDS) inside Virtual Private Cloud with a Security group configuration that allows access only from our web server instances (EC2).
Uploaded files are stored in a private secure server cloud on Amazon AWS (S3). We use the standard authentication mechanism where a valid username and password are required to access the blog AND the uploaded content. We have robust security mechanisms built-in from the beginning that ensure that each user only has access to the data associated with the account. We follow all technical best practices (only logged-in users can access uploaded files, passwords are kept encrypted in the database, etc..).
Our internal policy allows only senior members of our technical team (currently three people) to have direct access to user data in the database, but in practice, we never access your data. We are focused on maintenance and security on the platform level; we have no interest in the data users put in. We only look at users' data on a rare occasion when there is some kind of a problem, and a user asks us to check.