Cloud Security

This page provides information about how we secure and protect data.

General information

Fibery uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers are hosted on Amazon Web Services platform. The physical servers are located in AWS’s EC2 data centers. As of this date, AWS has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, is certified as a PCI DSS 3.2 Level 1 Service Provider, and undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports).

Security features

Product security
PermissionsGlobal access roles allow admins to set permission levels for everyone in the workspace, and project-level access controls allows permission levels to be set for application types.
Secure passwordsFibery stores passwords using BCrypt with unique salts.
High availabilityWe ensure high availability with automated and manual testing, regular performance benchmarking, production logging and alerts, fast continuous deployments, and industry-standard cloud infrastructure.
Network and application security
Hosting and storageFibery services and data are hosted in Amazon Web Services (AWS) facilities (eu-central-1) in the Germany within a virtual private network that cannot be accessed via the public internet, except via our public-facing proxy servers. All data is encrypted at rest via AWS RDS AES-256 Encryption.
EncryptionData is encrypted while moving between us and the browser with Transport Level Security (TLS). We score an ‘A+’ rating on Qualys SSL Labs‘ tests.
Backups & monitoringWe use AWS RDS’ backup solution for datastores that contain customer data. Data is automatically backed up every 10 minutes, and we keep daily backups for 14 days. On an application level, we store logs for all activity through Elasticsearch. Logs are stored for 14 days.
Compliance
PCI DSSAll payments made to us go through our payments provider, Braintree. Details about their security setup and PCI compliance can be found on Braintree's security page.
Other security features
ConfidentialityAll employee and contractor agreements include a confidentiality clause.

Subprocessors

We work with the following companies and tool systems to store, analyze, and transmit data for our users. They've been carefully vetted for best-in-class security practices..