Our security strategy covers all aspects of our business, including:
Every Profitley employee is expected to respect the terms of our data confidentiality policies, available at https://www.profitley.com/terms-of-use/ and https://www.profitley.com/privacy-policy/. Access rights are based on employee’s job function and role.
Profitley uses the git revision control system. Changes to Profitley code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein Profitley employees can test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Profitley engineers also can “cherry pick” critical updates and push them immediately to production servers.
We also work with third-party security professionals to test our web application security.
Scalability/Reliability of Architecture
Profitley uses Linode and Amazon Web Services (RDS & S3) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a failure.
Web connections to the Profitley service are via TLS 1.2 and above.
Security Consulting and Application Review
We work with external security advisors and have a responsible disclosure policy that allows security researchers to report vulnerabilities in our application.
Amazon & Linode
Both employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.
We are committed to making Profitley consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.
Want to report a security concern?
Email us at firstname.lastname@example.org