Security Is Our Top Priority


Confidentiality

Your data is yours. Humble Dot does not sell or rent any customer information or information provided to the service.

We enforce strict internal access controls: only the most senior database engineers have access to data, and always on a strict need-to-know basis.


Strong Security Practices

All of your data is password protected as well as encrypted at rest and in transit. Additionally, we constantly back up your data to prevent any chance of data loss.


Breach notification

However unlikely, we guarantee we will alert you within 48 hours of any discovered data breach.


Payments Security

We neither store nor transmit your credit card information. We use Stripe, a PCI Level 1 compliant payment processor, to handle all credit card transactions.


Security Assessment and Compliance

Data Centers

Humble Dot uses Heroku and does not have any physical infrastructure. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:


PCI

We use the PCI-compliant payment processor Stripe for encrypting and processing credit card payments. Heroku’s infrastructure provider is PCI Level 1 compliant.


Network Security

Humble Dot's application forces SSL encryption on all network requests. See: https://www.heroku.com/policy/security#netsec


Data Security

Heroku

Each application on the Heroku platform runs within its own isolated environment and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues.

These self-contained environments isolate processes, memory, and the file system using LXC, while host-based firewalls restrict applications from establishing local network connections.

For additional technical information see: https://devcenter.heroku.com/articles/dyno-isolation

Heroku Postgres

Humble Dot's data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application. Humble Dot's connections to Postgres databases require SSL encryption to ensure a high level of security and privacy. Furthermore, Humble Dot's database is encrypted at rest.


Backups

Humble Dot data is automatically backed up as part of the Heroku deployment process on secure, access-controlled, and redundant storage. We use these backups to deploy our application across Heroku's platform and to automatically bring our application back online in the event of an outage. Additionally, we back up Humble Dot data on a daily basis.


Disaster Recovery

See: https://www.heroku.com/policy/security#disaster_recovery


Vulnerability Reporting

Disclosure Policy

If you believe you’ve discovered a potential vulnerability or would like to report unethical behavior, please let us know by emailing us at security@humbledot.com. We will acknowledge your email within five business days.

Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Humble Dot service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

Thank you for helping to keep Humble Dot and our users safe! See our Disclosure Policy for more information.