Last updated: September 13, 2017
We stand on the shoulders of giants, using secure and reliable hosting vendors. Our database is encrypted at rest. All data communication between our system components are encrypted. We use a strong cryptographic HMAC function with sliding computational cost to facilitate user authentication.
Yeep helps companies manage employee and user access across cloud services, from GitHub to Dropbox. While no network-based system can be 100% secure, we deploy extra measures to protect your data.
2. System security
Yeep uses Heroku and Amazon Web Services (AWS) for secure and reliable hosting. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards, such as:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
3. Data security
- Our production database is encrypted at rest;
- We do not store passwords in plain (see section “5. Authentication”);
- All communications within our system components are encrypted (i.e. database to application server, application server to message queue, message queue to background workers, application server to client).
- Our web platform is served over HTTPS/SSL. We use HSTS to protect against protocol downgrade attacks and session hijacking.
4. Backup & data retention
- Your data are backed up on a daily basis;
- We maintain backup files on our secure server for thirty (30) days;
- Backup files older than thirty (30) days are automatically purged.
- We require all passwords to consist of 8 characters at minimum;
- We do not store plain passwords on our database. Instead we use a strong cryptographic HMAC function with salt and store the derivative key. Knowing the derivative key cannot reveal the actual password. That said, there is no way - even for us - to know your password;
- Our authentication function (as described above) allows for a sliding computational cost to mitigate brute force attacks.
Please note that, even with the above precautions in place, a weak password may easily compromise your account, so please make sure you use a strong (i.e. hard to guess) password.