Security Assessment and Compliance
Humble Dot uses Heroku and does not have any physical infrastructure. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
We use PCI compliant payment processor Stripe for encrypting and processing credit card payments. Heroku’s infrastructure provider is PCI Level 1 compliant.
Humble Dot's application forces SSL encryption on all network requests. See: https://www.heroku.com/policy/security#netsec
Each application on the Heroku platform runs within its own isolated environment and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues.
These self-contained environments isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections.
For additional technical information see: https://devcenter.heroku.com/articles/dyno-isolation
Humble Dot's data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application. Humble Dot's connections to postgres databases require SSL encryption to ensure a high level of security and privacy. Furthermore, Humble Dot's database is encrypted at rest.
Humble Dot data is automatically backed up as part of the Heroku deployment process on secure, access controlled, and redundant storage. We use these backups to deploy our application across Heroku's platform and to automatically bring our application back online in the event of an outage. Additionally, we back up Humble Dot data on a daily basis.