Many companies say they take security seriously. In our case, we’d like to demonstrate this with concrete information.
From time to time, we commission independent Internet security professionals to audit our security. We implement any findings and recommendations as a matter of priority.
As we are based in Spain, which is in the European Union, we are regulated by the EU General Data Protection Regulation (GDPR). We abide fully by the EU GDPR. Read more about our GDPR compliance.
The Feature Upvote application runs on Amazon’s AWS infrastructure. We follow AWS’s best practice guides. We regularly audit our use of AWS. We regularly check our server logs for suspicious activity.
Our database, which is hosted on AWS, uses encryption at rest.
Our web application only accepts and transmits traffic over HTTPS.
Your data is safe with us. We take frequent backups and regularly ensure that a recent backup can be restored. Access to backups is guarded with a combination of 2FA, password managers, and tight access rules.
At no time do we store your credit card details on our servers. Our payment processor, Stripe, handles all payment processing on our behalf. Stripe ensures that all relevant compliance, such as PCI, is met.
None of our staff, including management, have access to your credit card info.
Got questions about our security? Ask us at firstname.lastname@example.org
We welcome whitehat security researchers and will gratefully receive reports of suspected security problems.
We ask you to refrain from the following:
We don’t offer bug bounties. However, we acknowledge contributions here on our site.
Only the first researcher to report a specific qualifying issue is eligible for acknowledgement. Whether or not an issue is a qualifying issue, as well as eligibility for acknowledgement, are decisions taken by us in our discretion. We reserve the right to cancel this program at any time without notice.
In order to qualify for acknowledgement, please follow these guidelines when reporting issues:
Report security issues via our security email address. The address is email@example.com.
Do not use automated scripts/tools without prior approval and scheduling. We understand the value of automated vulnerability detection scripts and software, but we ask you not to run automated scans of any kind without scheduling it with us in advance.
Expect a follow-up within 24 hours on business days. We do our best to respond quickly. We take every report seriously, and if you don’t hear back promptly, it doesn’t mean that we’re ignoring it. It means that we didn’t receive it. If you don’t hear back within 24 hours on a business day, please drop us a reminder via our support email address, and we’ll make sure that it hasn’t slipped through the cracks.
Only test Feature Upvote systems. Systems hosted by third parties do not qualify for acknowledgement.
Provide steps to reproduce the problem in our systems. Providing generic background information about a class of vulnerability without specific details about how our systems are vulnerable does not qualify for acknowledgement.
Please do not share your research or findings publicly until we’ve had time to research and release a fix for the problem.
Report security vulnerabilities to firstname.lastname@example.org. Once we’ve received your email, we’ll work with you to make sure that we completely understand the scope of the problem and keep you informed as we work on the solution.
We appreciate your help to find and resolve security issues responsibly. The following have worked to help us keep Feature Upvote safe and secure for everyone. Thank you.