Security Practices
We take security seriously
We continually audit and revise both our product and our processes to make sure your data is never compromised.
We value your data privacy
We have clear rules for security, privacy, and confidentiality with dos and don'ts, and we never look at our customers' documents. Direct access to our database is restricted to key personnel. On our database, all customer documents are split and stored in fragments, and no employee has workable access to log in and read customer documents as a whole.
We use Digital Ocean
Our website, service, and databases are hosted at Digital Ocean. We trust them with our servers, as do companies like LinkedIn, StackOverflow, and Ericsson. We restrict access and communication to and from these servers to the minimum required to use our product.
You can read about Digital Ocean's security features and compliance from: https://www.digitalocean.com/legal/data-security/ & https://www.digitalocean.com/legal/compliance/
Encryption
All communication between your computer and Delibr is encrypted using industry standard HTTPS/SSL.
Authentication/access
Access and login is based on the secure Accounts system developed by Meteor. We provide password-less authentication via OAuth for Google and Slack.
Vulnerability detection
A bug bounty program is one of the most powerful post-production tools to help detect vulnerabilities. We participate in the Atlassian Marketplace Bug Bounty Program, which is hosted on Bugcrowd, a SaaS platform built to crowdsource vulnerability discovery from a global pool of talented security researchers.
We also use Detectify for ongoing testing, in addition to code review and building and deploy tests.
Storing your passwords
We never store passwords in plain text. All passwords are encrypted using the bcrypt algorithm.
Payment info
We do not store your payment information directly. We trust Stripe with you payment data, and it is only ever communicated between your client and Stripe's servers - it never reaches our severs. Payments are stored in Stripe, you can read more about their security standards here: https://stripe.com/docs/security/stripe
Please feel free to reach out to us via chat with any concerns or questions about these practices. We’re happy to explain in more detail.