FunRetro provides data encryption in transfer via 256 bit Secure Socket Layer (SSL) technology. Our SSL has a grade A+ on SSL Labs quality report.
We use Google Cloud Platform to store all our data and it has default encryption at rest using either AES256 or AES128 technology. You can read more about Google Cloud encryption here: https://cloud.google.com/security/encryption-at-rest/.
We use Google reCAPTCHA security service that protects FunRetro from spam and abuse. We use it on our login form to block bots.
Our passwords are stored securely by using bcrypt technology provided by Google Cloud. We also enforce strong password complexity by requiring minimal of 8 chars, 1 uppercase, 1 lowercase, 1 number and 1 special char upon registration on the app.
Users are required to verify the ownership of the account email via a link provided in an automated e-mail prior to create data in FunRetro.
Payments are provided by Paddle, our third party provider. We don't store any billing information on our servers. Paddle is PCI-Compliant and adhere to the Payment Card Industry Data Security Standard. You can read more about it here: https://paddle.com/taxes-fraud-compliance/.
FunRetro is hosted on Firebase that is part of Google Cloud Platform. Our data is hosted in US Central. Google Cloud is a very secure platform that has multiple certifications: ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, PCI DSS and CSA. You can read more about it here: https://cloud.google.com/security/.
FunRetro is hosted on Google Cloud Platform. Google data centers feature a layered security model, including extensive safeguards such as: Custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors and biometrics.
FunRetro does regular backups once per day. All backups are encrypted by default. Backups are deleted after 30 days of being created.
FunRetro undergoes black box penetration testing, conducted by an independent, third-party agency, twice by year. For black box testing, FunRetro provides the agency with an real admin account for testing all features and extra details about endpoints and software architecture.
Information about any security vulnerabilities successfully exploited through penetration testing is used to set mitigation and remediation priorities. FunRetro will provide a summary of penetration test findings upon request.
We ensure we have high quality code by using unit tests and code analysis tools (Code Climate) for continuous integration. We also have a staging environment to run manual tests, once we ensure everything is fine we deploy it to production. We do deploys almost every week.
FunRetro uses Firebase services extensively, and it's hosted on Google Cloud Platform which is a very reliable service and has high availability. You can check Firebase live status here https://status.firebase.google.com/.
We use Firebase for authentication services and it has a monitor feature to block IP's that are trying to attack us. Firebase limit the number of new Email/Password and Anonymous sign-ups from our application with the same IP address.
Also Google Cloud Platform’s intrusion detection involves tightly controlling the size and make-up of Google’s attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.
FunRetro will give recognition and compensation for people reporting bugs and issues, especially those pertaining to exploits and vulnerabilities. To report bugs please send email to email@example.com.
FunRetro keeps daily encrypted backups of data on Firebase. While never expected, in the case of production data loss, we will restore data from these backups.