Encryption and Resource Access
- End-to-end 256 bit HTTPS SSL encryption.
- All non-essential ports and external network interfaces blocked by default.
- No financial data or credit information is stored in any Contentment Foundation system. All financial data is held by Stripe, which has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
- All account passwords are stored as one-way hashes.
- All client-side communication, sessions, and input are validated server-side.
- All media assets are securely accessed on Amazon S3 using signed URLs.
- All media assets are encrypted at rest on Amazon S3.
- All account data is encrypted and securely stored in database.
- In the event of server failure, all critical systems have redundant failovers to prevent service disruptions.
- We perform static code analysis of all production codes.
- We have Integration and Unit tests for all critical systems.
- All sub-dependencies have been vetted for security and performance issues.
- We follow strict compliance with source code licensing and open-source licensing.
Contentment Foundation maintains a strict policy for assigning and distributing keys which may access any production or development systems.
- Master access keys are never distributed to any employees.
- Access keys are never stored in any version control system.
- Access keys are never stored anywhere as plaintext.
- Individual access keys are generated per employee with developer only access.
- All company workstations and laptops use encryption for storing of any potentially sensitive data.
- All company workstations and laptops use anti-malware and antivirus software.
- All client data is always anonymized for development purposes.
- All Contentment Foundation employees have been instructed on best practice security standards.
- Contentment Foundation employees are granted granular role access to resources.
- Any employee access to sensitive data is tracked and monitored.
- Developers only work with anonymized data.
Data Loss / Security Breach
In the event of a loss of data or potential security breach, you will be contacted immediately and be kept updated in real-time as The Contentment Foundation assesses the situation. Contentment Foundation will quickly take any measures necessary to secure and recover your data. A full incident report will be made available by Contentment Foundation should any incidents occur.