Security

This document outlines some of the security practices used at Elliptic Marketing

We protect your data.

All data are backed up daily and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

All our employees and contractors (workers) sign confidentiality agreements before gaining access to our code and data. Everybody at Elliptic Marketing is trained and made aware of security concerns and best practices for their systems. Access to production servers is extremely restricted.

Encrypted data.

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our private networks, data may be transferred unencrypted.

Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems.

Sophisticated physical security.

Our servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center.

Regularly updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. We use manual and automated tools to detect and mitigate security vulnerabilities.  

Constant monitoring.

We use monitoring tools to alert us when errors occur in our applications, 24/7/365.

Application testing.

Our applications include automated tests that check for potential security vulnerabilities accidentally included in the development process. Applications that fail automated security testing are never deployed to public-facing servers.