Menu Close
  • Home
  • Arrows Security Details –
    •

Arrows Security Details –

0 Comments

Arrows Security Details

We take security very seriously at Arrows. From day one the product and all features have taken security into account. This page describes Arrows’ approach and practices around security. You may also be interested in our privacy policy and terms of service.

Hosting and Data

Where is Arrows hosted?

Arrows is hosted on Heroku. Heroku utilizes AWS data centers for hosting. AWS data centers are accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

You can read more details about Heroku’s security practices below:

Arrows data is stored in Heroku Postgres. Data is backed up under Heroku’s Continuous Protection ensuring customer data is incrementally snapshotted and backed up. We monitor our servers and logs and have an engineer on call 24/7.

Arrows is deployed multiple times per week, ensuring that any fixes can be deployed rapidly.

All Arrows web page requests are protected with SSL and HTTPS.

Our goal is to help you onboard your customers successfully, and we only store and use data in service of that end goal.

Where is data stored and processed?

All data is stored and processed in the United States with Salesforce’s Heroku.

What third-parties do you share data with?

    – Data storage and hosting – File storage – Payment processing – Analytics – Analytics – Reverse ETL – Transactional Emails – Marketing and sales – Pageviews & Conversions – Forms

Payments

Arrows payments are processed by Stripe. Stripe is certified as a PCI Level 1 Service Provider—the most stringent level of certification available in the payments industry. Arrows does not handle any payment data.

Software

Arrows is built with Ruby on Rails and benefits from 16 years of security work on the framework. Our Ruby and Javascript dependencies are audited for vulnerabilities on every deploy using bundler-audit and yarn audit respectively. Dependencies are updated monthly to ensure we receive the latest security updates.

Arrows does not store user passwords in our database. Instead we provide magic login links sent via email.

Employees

Security training is part of Arrows employee onboarding. Arrows employees use 1Password to manage and ensure secure passwords, and use 2 factor authentication where available.

Any further questions?

Great! Please email us at help@arrows.to and we’ll happily update this doc.

Source:

https://arrows.to/security/

Related posts:

cybersecurity_2_5nhhju2uq84jgrv9i8azxi5dlpk_106818-2334776How We Protect Your Data With Heroku Security ddls_and_pecb_partner_to_deliver_iso_27001_information_security_training_in_australia_-_pecb_partnership_-_blog_image_1920_x-2069855Security Policy Default ThumbnailSalesforce – Heroku – Digital Marketplace Default ThumbnailHeroku | Sumo Logic

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *