SplitMetrics Product Suite is built on DigitalOcean Platform’s compliance (https://www.digitalocean.com/security/compliance/) and AWS Platform’s compliance (https://aws.amazon.com/compliance) with leading standards for privacy and information security, including recurring re-examination by independent auditors.
All servers that run SplitMetrics software in production are recent, continuously patched Linux systems.
Our web servers use the strongest grade of HTTPS security (TLS 1.2). All user data is transported securely, as all traffic is encrypted in transit via SSL. Our SSL certificates are 2048 bit RSA, signed with SHA256. For the communication between servers the private network is used. Encrypting the data protects it from unauthorized modification and man-in-the-middle attacks.
Each server administrators is logging in with his own SSH key, the root access is turned off.
SplitMetrics does not store any credit card information. We have partnered with Braintree (a PayPal service) for credit card processing. They power online transactions for thousands of business and SaaS platforms and comply with PCI level 1 standards in the storage and handling of credit card information.
If you have any security questions or if you believe you have found a security vulnerability please don’t hesitate to contact our security team at [email protected]