General information
Fibery uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers are hosted on Amazon Web Services platform. The physical servers are located in AWS’s EC2 data centers. As of this date, AWS has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, is certified as a PCI DSS 3.2 Level 1 Service Provider, and undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports).
Security features
| Product security |
|---|
| Permissions | Global access roles allow admins to set permission levels for everyone in the workspace, and project-level access controls allows permission levels to be set for application types. |
| Secure passwords | Fibery stores passwords using BCrypt with unique salts. |
| High availability | We ensure high availability with automated and manual testing, regular performance benchmarking, production logging and alerts, fast continuous deployments, and industry-standard cloud infrastructure. |
| Network and application security |
|---|
| Hosting and storage | Fibery services and data are hosted in Amazon Web Services (AWS) facilities (eu-central-1) in the Germany within a virtual private network that cannot be accessed via the public internet, except via our public-facing proxy servers. All data is encrypted at rest via AWS RDS AES-256 Encryption. |
| Encryption | Data is encrypted while moving between us and the browser with Transport Level Security (TLS). We score an ‘A+’ rating on Qualys SSL Labs‘ tests. |
| Backups & monitoring | We use AWS RDS’ backup solution for datastores that contain customer data. Data is automatically backed up every 10 minutes, and we keep daily backups for 14 days. On an application level, we store logs for all activity through Elasticsearch. Logs are stored for 14 days. |
| Compliance |
|---|
| PCI DSS | All payments made to us go through our payments provider, Braintree. Details about their security setup and PCI compliance can be found on Braintree's security page. |
| Other security features |
|---|
| Confidentiality | All employee and contractor agreements include a confidentiality clause. |
Subprocessors
We work with the following companies and tool systems to store, analyze, and transmit data for our users. They've been carefully vetted for best-in-class security practices..
