Security

We take our customers’ data and privacy seriously. We host our site and store your data on Amazon Web Services (AWS) and secure our application code offsite at GitHub–a secure source-code management system that stores a complete versioned history of every change to every file in the project.

Data Center Security

The Amazon Web Services control panel is only accessible over HTTP Secure Sockets Layer (SSL). Individual server instances are firewalled, and access is restricted to necessary ports and IP addresses. Terminal access to AWS server instances uses the Secure Shell (SSH) protocol and requires SSH public/private key pairs. All passwords used by the system are randomly-generated 21-character strings containing letters, numbers and special characters.

Protection from Data Loss

We have a single master database that is mirrored on multiple servers in separate zones within AWS’ Relational Database Service (RDS). Application data is backed up daily via two separate processes: a daily AWS snapshot of the disk volume containing the data, and a restorable snapshot that allows restoring data as recent as 5 minutes ago. User files (images and attachments) are encrypted and stored in Simple Storage Service (S3), a redundant cloud-based filesystem.

Application-Level Security

Kickserv® account passwords are encrypted. Kickserv employees cannot view them. If you lose your password, it can’t be retrieved; you will have to reset it. All Kickserv web pages require SSL, so your data cannot be intercepted in transmission. However, any site can be impersonated, so check the SSL server certificate when in doubt (check your browser’s instructions to find out how to do this).

Remember, though, that your data can only be as secure as your password. Follow good password practices. Never share your username or password. Make your password complex, and change it frequently. When you leave your computer unattended, log out of your Kickserv account and lock your computer. No Kickserv employee will ever ask you for your password, either via phone or email.