Security and Data Policy
We understand how important our customers' privacy and data security are. That is why we follow industry best practices to guard and protect your data at all times.
Privacy and Software Security
- We use authorized SSL certificates that allow our clients to send and receive data in an encrypted format (HTTPS protocol). This is a leading industry practice for preventing MITM attacks and stopping attackers from capturing unencrypted traffic data (like passwords, usernames, or other confidential information).
- No critical payment information, such as credit card numbers, is stored on our system. All sensitive data is handled directly by our industry-leading payment providers, Stripe and PayPal.
- Connections to our servers are regulated.
- Although all clients are allowed to upload files to our server, our server configuration prevents the uploading and execution of backdoors or malicious programs.
- Our software was built with a focus on security; as such, we are protected from common attacks such as XSS, CSRF and SQL injection.
- We do not have full control over the user's email account. We only receive access to the email client that the user is using to compose their email, for the sole purpose of adding their HTML email signature. The email client controls the events that create and edit the email. When one of these events occurs, our extension inserts the HTML email signature in a particular position. The user's text in the email is not analyzed or collected and is not transferred to us in any way. Our browser extension just locates the correct tag so that it can insert the HTML email signature in the correct position when the user composes, replies to or forwards an email.
- Our API is used to connect our browser extension with the HTML email signature website app esig.ly. The browser extension sends a request to our system with the unique key that the user is asked to insert. The user obtains this key by securely logging into our website app with their authorised account. The system checks whether the request is correct, then identifies the signature in the system by the corresponding key and inserts the signature into the browser extension. The signature key is unique to that specific signature only, ensuring the correct details are pulled into the browser extension. Again, no email text is analyzed or transferred anywhere during this key transmission.
System Monitoring and Data Backup
Our monitoring solution makes it possible to immediately detect any nascent failure and prevent the possibility of any negative consequences to the system. Our monitoring system provides the following functions:
- it continually collects information from each service within the entire installation
- it provides fast detection of failures and informs our development team when a failure exists
- it visualizes system performance via graphs to quickly target and neutralise issues
Our system performs regular automated data backups and is capable of fast data recovery in the event it is needed.
Although we follow industry best practices with regard to secure software development, deployment and data backup, it is important to note that no system is 100% infallible, and we cannot be held liable if confidential information is breached or loss of data occurs.
General Data Protection Regulation (GDPR)
For more information on the GDPR, please visit our dedicated page.