Security Is Our Top Priority
Your data is yours. Humble Dot does not sell or rent any customer information or information provided to the service.
We enforce strict internal access controls where only the most senior database engineers have access to data and always on a strict need-to-know basis.
Strong Security Practices
All of your data is password protected as well as encrypted at rest and in transit. Additionally, we constantly back up your data to prevent any chance of data loss.
However unlikely, we guarantee we will alert you within 48 hours of any discovered data breach.
We neither store nor transmit your credit card information. We use Stripe, a PCI Level 1 compliant payment processor, to handle all credit card transactions.
Security Assessment and Compliance
Humble Dot uses Heroku and does not have any physical infrastructure. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
We use PCI compliant payment processor Stripe for encrypting and processing credit card payments. Heroku’s infrastructure provider is PCI Level 1 compliant.
Humble Dot's application forces SSL encryption on all network requests. See: https://www.heroku.com/policy/security#netsec
Each application on the Heroku platform runs within its own isolated environment and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues.
These self-contained environments isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections.
For additional technical information see: https://devcenter.heroku.com/articles/dyno-isolation
Humble Dot's data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application. Humble Dot's connections to Postgres databases require SSL encryption to ensure a high level of security and privacy. Furthermore, Humble Dot's database is encrypted at rest.
Humble Dot data is automatically backed up as part of the Heroku deployment process on secure, access controlled, and redundant storage. We use these backups to deploy our application across Heroku's platform and to automatically bring our application back online in the event of an outage. Additionally, we back up Humble Dot data on a daily basis.
If you believe you’ve discovered a potential vulnerability or would like to report unethical behavior, please let us know by emailing us at email@example.com. We will acknowledge your email within five business days.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Humble Dot service. Please only interact with domains you own or for which you have explicit permission from the account holder.
While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Social engineering or phishing of Humble Dot employees or contractors
- Any attacks against Humble Dot’s physical property or data centers
Thank you for helping to keep Humble Dot and our users safe! See our Disclosure Policy for more information.