Security Is Our Top Priority


Confidentiality

Your data is yours. Humble Dot does not sell or rent any customer information or information provided to the service.

We enforce strict internal access controls: only the most senior database engineers have access to data, and always on a strict need-to-know basis.


Strong Security Practices

All of your data is password protected as well as encrypted at rest and in transit. Additionally, we constantly back up your data to prevent any chance of data loss.


Breach notification

However unlikely, we guarantee we will alert you within 48 hours of any discovered data breach.


Payments Security

We neither store nor transmit your credit card information. We use Stripe, a PCI Level 1 compliant payment processor, to handle all credit card transactions.


Security Assessment and Compliance

Data Centers

Humble Dot uses Heroku and does not have any physical infrastructure. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:


PCI

We use the PCI-compliant payment processor Stripe for encrypting and processing credit card payments. Heroku’s infrastructure provider is PCI Level 1 compliant.


Network Security

Humble Dot's application forces SSL encryption on all network requests. See: https://www.heroku.com/policy/security#netsec


Data Security

Heroku

Each application on the Heroku platform runs within its own isolated environment and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues.

These self-contained environments isolate processes, memory, and the file system using LXC, while host-based firewalls restrict applications from establishing local network connections.

For additional technical information see: https://devcenter.heroku.com/articles/dyno-isolation

Heroku Postgres

Humble Dot's data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application. Humble Dot's connections to Postgres databases require SSL encryption to ensure a high level of security and privacy. Furthermore, Humble Dot's database is encrypted at rest.


Backups

Humble Dot data is automatically backed up as part of the Heroku deployment process on secure, access-controlled, and redundant storage. We use these backups to deploy our application across Heroku's platform and to automatically bring our application back online in the event of an outage. Additionally, we back up Humble Dot data on a daily basis.


Disaster Recovery

See: https://www.heroku.com/policy/security#disaster_recovery


Vulnerability Reporting

If you have discovered a security vulnerability in the Humble Dot application, please email us as soon as possible: security@humbledot.com