Profitley Statement on Security

Our security strategy covers all aspects of our business, including:

  • Profitley corporate security policies
  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of our system architecture
  • Data model access control in Profitley
  • Systems development and maintenance
  • Service development and maintenance
  • Regularly working with third-party security experts

Profitley Corporate Security Policies & Procedures

Every Profitley employee is expected to respect the terms of our data confidentiality policies, available at https://www.profitley.com/terms-of-use/ and https://www.profitley.com/privacy-policy/. Access rights are based on each employee’s job function and role.

Security in our Software Development Lifecycle

Profitley uses the git revision control system. Changes to the Profitley code base go through a suite of automated tests and a round of manual review. When code changes pass the automated testing system, they are first pushed to a staging server where Profitley employees can test them before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Profitley engineers can also “cherry pick” critical updates and push them immediately to production servers.

We also work with third-party security professionals to test our web application security.

Profitley Architecture & Scalability

Scalability/Reliability of Architecture

Profitley uses Linode and Amazon Web Services (RDS & S3) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a failure.

Encrypted Transactions

Web connections to the Profitley service are via TLS 1.2 and above.

Information Security

Security Consulting and Application Review

We work with external security advisors and have a responsible disclosure policy that allows security researchers to report vulnerabilities in our application.

Data Center Security

Amazon & Linode

Both providers employ robust physical security programs with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.

Privacy

Privacy Policy

The Profitley privacy policy, which describes how we handle data input into Profitley, can be found at https://www.profitley.com/privacy-policy/.

Availability

We are committed to making Profitley consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Want to report a security concern?

Email us at support@profitley.com