We take data security and privacy very seriously
Security is at the heart of every product decision we make. We've designed our security policies and procedures so that you can focus on what you do best — running your business.
Permissions: Access to data within the app is governed by permission levels. Permissions can be configured to define granular access privileges (owner, admin, member).
Credentials: All account credentials are hashed using PBKDF function. If you lose your password, it can't be retrieved—it must be reset.
Payments: We do not store any of your credit card information on our servers. All payment processing is handled by Stripe. Payments through stored payment methods go through MFA (email).
Encryption: We use AWS server-side encryption to encrypt data in our databases at rest. All data in transit is transmitted over HTTPS/SSL/TLS.
Data centre: Travelstop is fully hosted on Amazon Web Services (AWS), which provides extensive security controls and privacy features documented at https://aws.amazon.com/security.
Authentication: We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.
Access: Role-based access through IAM that enforces segregation of duties, two-factor authentication and end-to-end audit trails ensuring access is in accordance with the security context.
Sensitive data: All credentials, secrets and sensitive internal data are stored securely in storage provided by AWS Systems Manager.
Access control: Data in storage systems are not publicly accessible unless used for serving of public assets (e.g. images, scripts), or accessed by the authorized user via the website.
Firewall: WAF is configured to allow only essential requests to reach our services via the correct ports and protocols.
Data access: Access to customer data is limited to authorized employees only who require it for their job.
Confidentiality: All employee contracts include a confidentiality agreement.
Updates: We conduct periodic reviews of our AWS infrastructure to make fixes, enhancements, updates as needed.
If you'd like to learn more or if you believe you've found a security vulnerability, please contact us at firstname.lastname@example.org.