Expiration Reminder Security Policy
We take security and privacy seriously, adhering to enterprise-level security standards that keep your customer data protected. Infrastructure.
All of Expiration Reminder’s application and data infrastructure is hosted on Microsoft Azure, a highly scalable cloud computing platform with end-to-end security and privacy features built in. Designed with redundancy, fault tolerance and disaster recovery at the forefront. Production access is restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features. For more specific details regarding Microsoft Azure security, please refer to https://www.microsoft.com/en-us/trustcenter/security/azure-security.
We strive for a 99.7% uptime across all our products and to support that, we host our monitoring systems outside of Azure and employ a variety of tools to accurately monitor and report on any anomaly that could impact the delivery of our services.
All data is stored in HIPAA compliant Azure infrastructure, housed in Microsoft-controlled data centers. Only those within Microsoft who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. It is safe to say Microsoft is much better at physical security than we are capable of being, so we leave it to them.
Through the use of automated and manual analysis, as well as constant security review of 3rd party libraries, we ensure to the best of our abilities that we are delivering products that are free from security defects. All Expiration Reminder's web application communications are encrypted, and cannot be viewed by a third party. We enforce the same level of encryption used by banks and financial institutions.
- Additionally, we support a number of security focused features to help keep your data safe
- Data encryption - All customer data is encrypted at rest including: user email addresses, user passwords, API keys, including 3rd party keys stored by Apps.
- Authentication - Expiration Reminder supports SSO through Azure AD, OneLogin, Okta or any other SAML-compatible Identity Provider.
- API Security - In our v1.0 API we support OAuth authentication and a UI for revoking device tokens.
Engineering and Operational Practices
We design all services with high availability in mind. Our goal is to deliver 99.7% uptime across all our products. In order to achieve this goal, we follow a number of engineering best practices
- Immutable infrastructure - We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code. Which means all changes go through a formal code review, automated testing and automated deployment process.
- Continuous integration and delivery - We are using continuous integration and deployment automation and configuration management tools to build, test and deploy code multiple times a day.
- Security audits - Every year we have an independent security firm execute penetration test audit across our system.