Security and privacy are core to Activity Messenger. The data you import is kept secure and private.
Cloud Security
The platform is hosted on AWS, a leading reputated cloud provider. Security and Compliance is shared between AWS and Activity Messenger as described in the Shared Responsibility Model.
We follow AWS Security Best Practices to ensure no outside party can access the application code and the database.
Data Storage
The web server, the database, and file storage are 100% stored and replicated in Canada (AWS ca-central-1).
Protection from Data Loss, Corruption
We perform database backup and mirroring to mitigate the risk of data loss.
Activity Messenger garanties data recovery up to 30 days.
We have multiple layers of logic to seggregate account information at the application level.
We have a documented disaster recovery procedure that is regularly tested.
Application Level Security
We use a robust framework for authentication and account segregation. Updates are regularly applied to remain up to date.
Passwords are hashed and not accessible to anyone. If you lose your password, using the reset password mechanism is the only way to access your account.
Communication between your browser and our server is always encrypted. All pages pass data through TLS (HTTPS).
The platform implements CSRF (cross-site request forgery) protection on every page to mitigate against man-in-the-middle attacks.
PCI DSS Certification
We use Stripe, a leading PCI DSS compliant payment provider, to process payments. Credit card information never touches our servers. We do not keep credit card information.
