DDoS attack protection
We use a fast, globally distributed and intelligent always-on DDoS protection.
Data encryption in transit
All data sent to or from our infrastructure is encrypted in transit following industry best-practices using TLS. You can see our SSLLabs report here.
Data encryption at rest
All our user data (including passwords) is encrypted using battled-proofed encryption algorithms in the database.
Custom data removal
We retain our users data for a period of 60 days after their subscription ends. All data is then completely removed from our servers with the exception of payment and invoices data. Every user can request the removal of usage data by contacting support.
We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.
Application security monitoring
We use Bugsnag to monitor exceptions, logs and detect anomalies in our applications. We collect and store logs to provide an audit trail of our application activity.
Application security protection
A WAF is set up to filter incoming requests trying to compromise the service.
A firewall is systematically used on makesales.io’s servers to prevent access from non-approved IP addresses.
Critical admin interfaces are protected using at least double-authentication.
Our software infrastructure is regularly update using automatic update mechanisms when possible.
End-to-end encrypted messaging systems are available to MakeSales.io’s employees and contractors and used for most communications.
We apply development best practices to mitigate known vulnerability types.
All payment processing is outsourced to Stripe which is certified as a PCI Level 1 Service Provider. We don’t collect any payment information and are therefore not subject to PCI obligations.
Restricted data access
Our strict internal procedure prevents any employee from gaining access to user data. Limited exceptions can be made for customer support.