All data that passes between you and Couchdrop is encrypted using industry-standard security protocols.
Couchdrop encrypts all data at rest with AES-256, including databases, document files, backups and logs.
Data is protected in transit using HTTPS with TLS 1.2 and above and SSL via SFTP and FTPS.
Couchdrop follows strict and modern key management techniques, using 1Password and Doppler for password and production key/config management.
Couchdrop's server instances, file storage and databases are provided and hosted by either DigitalOcean or Amazon Web Services.
Only explicit engineering team members have access to production systems and data. Access is governed by internal security policies and requires CTO approval.
All new staff undergo police and reference checks prior to being employed.
All employees are subject to perpetual confidentiality agreements.
All new employees participate in an information security induction and are required to review and sign Couchdrop's information security policies prior to their first day.
New employees also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.
Couchdrop conducts periodic security awareness sessions for all staff annually on selected security and privacy related topics.
All changes to the Couchdrop platform go through formal change control procedures. Couchdrop follows a Lean Kanban approach to development, ensuring that Couchdrop is constantly delivering value to its customers.
Couchdrop follows OWASP security principles by design and all development is peer reviewed before going through approval gates by a software architect, QA manager and senior management prior to production release.
Couchdrop's web and file servers run the Ubuntu Linux operating system distribution (currently, version 18.04 LTS), which is delivered via Docker containers.
Couchdrop subscribes to the security announcement mailing lists for Linux, Ubuntu and Python, as well as other platform dependencies. Critical security updates are deployed as soon as possible once they are released, using the automatic package upgrade installation system.
Couchdrop utilises Docker Hub's vulnerability scanning platform and Datadog's SCIM platform for security event monitoring.