All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on S3 servers that use modern techniques to remove bottlenecks and points of failure.
Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.
Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted using GPG.
All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.
Have a concern? Need to report an incident? Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please visit our Security Response page for details on how to securely submit a report.
Adapted from 37signals.com/policies / CC BY 4.0
Currently Reading
Security Overview