Menu Close
  • Home
  • Security Policies
    •

Security Policies

0 Comments

Security Policies

Ensuring our customer data is secure and protected is a top priority at HiThrive, which is why we’ve taken extensive measures to bolster our security for our platform and tools the team at HiThrive use. HiThrive is hosted on Heroku and benefits from their world-class security. Our team takes additional proactive measures to ensure a secure infrastructure environment.

Application Authorization

When you install HiThrive using a third-party (Slack, Microsoft Teams, etc), we only request the minimal permissions required for HiThrive to function properly. We don’t have access to your conversations, private or public messages or files. The data we sync from third-parties is limited to:

  • Names, profile pictures, email addresses and timezones of your team.
  • The name and icon of your workplace/team.
  • Messages where HiThrive has been invited (example “/shoutout”)
  • Reactions only on messages created by the HiThrive account (public shout-outs or awards).

Infrastructure

HiThrive is hosted entirely on Heroku. Our databases are only accessible by the services that require access and by users with revocable credentials. Credentials are rotated regularly and stored outside of our code.

Authentication

HiThrive leverages Slack’s OAuth for signing into our website, making HiThrive as secure as Slack. Our website and servers use HTTPS over SSL (TLS 1.3) to protect your data. HiThrive is being used by Fortune 500, FinTech, and cloud-security companies, among others.

Availability

Our services are distributed across multiple physical data centers in the United States, enabling us to provide redundancy and failover protection.

Data Centers

Our application is hosted on Heroku, which is hosted and managed within Amazon Web Services data centers. These data centers are accredited:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Internal Tools

HiThrive employees are required to follow stringent security practices such as:

  • Locking computers while away to prevent unauthorized access.
  • Accessing sensitive tools using secure single sign-on.
  • Using VPNs when on public networks.

Vulnerabilities

We regularly audit our codebase, third-party libraries and frameworks to ensure they’re up-to-date and patched whenever a vulnerability is detected.

Encryption

Our data is encrypted at-rest and in-transit. Only HiThrive employees and services with proper credentials have access to data. Our web-based apps, APIs and services are only accessible over TLS, ensuring connections internally and externally are encrypted.

PCI Compliance

All payments and stored payment methods are processed by Stripe, our payment processing partner. HiThrive does not have access to credit or debit card details once saved, other than Name, Billing Postal Code, Brand and Last 4.

Privacy Policy

If you have any questions or concerns about security, please email security@hithrive.com.

Source:

https://www.hithrive.com/security

Related posts:

ddls_and_pecb_partner_to_deliver_iso_27001_information_security_training_in_australia_-_pecb_partnership_-_blog_image_1920_x-2069855Security Policy man-giving-business-presentation-using-high-technology-digital-pen_53876-104783-3217653ISO 27001 Trust | Compliance iso27001-featured-image-1915922Heroku | Sentry Documentation img_6094068f266fdHow does SSL work with HTTPS?

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *