Profitley Statement on Security
Our security strategy covers all aspects of our business, including:
- Profitley corporate security policies
- Physical and environmental security
- Operational security processes
- Scalability & reliability of our system architecture
- Data model access control in Profitley
- Systems development and maintenance
- Service development and maintenance
- Regularly working with third-party security experts
Profitley Corporate Security Policies & Procedures
Every Profitley employee is expected to respect the terms of our data confidentiality policies, available at https://www.profitley.com/terms-of-use/ and https://www.profitley.com/privacy-policy/. Access rights are based on each employee’s job function and role.
Security in our Software Development Lifecycle
Profitley uses the git revision control system. Changes to the Profitley code base go through a suite of automated tests and a round of manual review. When code changes pass the automated testing system, they are first pushed to a staging server where Profitley employees can test them before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Profitley engineers can also “cherry pick” critical updates and push them immediately to production servers.
We also work with third-party security professionals to test our web application security.
Profitley Architecture & Scalability
Scalability/Reliability of Architecture
Profitley uses Linode and Amazon Web Services (RDS & S3) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a failure.
Encrypted Transactions
Web connections to the Profitley service are via TLS 1.2 and above.
Information Security
Security Consulting and Application Review
We work with external security advisors and have a responsible disclosure policy that allows security researchers to report vulnerabilities in our application.
Data Center Security
Amazon & Linode
Both employ a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.
Privacy
Privacy Policy
Profitley’s privacy policy, which describes how we handle data input into Profitley, can be found at https://www.profitley.com/privacy-policy/.
Availability
We are committed to making Profitley consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.
Want to report a security concern?
Email us at support@profitley.com