...
Once again, we make our best to use state-of-the-art techniques to keep the data safe:
- Our main servers are hosted by We host data using Digital Ocean , which has extremely good security procedures: https://www.digitalocean.com/legal/data-security/and Amazon AWS,
- The hard drives of our personal computers are encrypted (for example with Apple's FileVault 2),
- Our personal backup drives are encrypted (for example with Apple's FileVault 2 / Time Machine).
...
Please see the Privacy Policy on where we store data.
How
...
Whenever we are aware of a leak affecting the software we use (for example Heartbleed or Shellshock), we halt the service in emergency and upgrade our systems.
...
to handle a vulnerability
If you notice a vulnerability, please submit it at https://playsql.atlassian.net/servicedesk/customer/portals and:
- We will investigate as soon as we can and write an internal report,
- If we confirm the vulnerability, we will notify Atlassian,
- If a breach allowed access or alteration of customer data, we also notify our GDPR authorities within 72hrs (namely CNIL, for France),
- If a breach allowed access or alteration of customer data by an external person, we also notify those customers directly.
- If a breach only allowed two users of the same customer to view/edit data they were not permitted to (permission violation), we choose whether we only notify customers through the release notes when delivering the new version, or whether we directly contact customers.
Please send notifications to https://playsql.atlassian.net/servicedesk/customer/portals (In case this portal meets a breach, we are also available by email at security@requirementyogi.com).