Security

Last updated at: August 17, 2023

Security of SimpleLocalize customers data is our core concern. All data you store in SimpleLocalize remains yours, and we are committed to ensuring that your data is not accessed by anyone without authorization.

Physical security

SimpleLocalize (we) uses Amazon Web Services (AWS) as our cloud hosting provider. We leverage AWS’ data centers with facilities and procedures designed to ensure physical security and integrity of all the data you entrust us with.

See https://aws.amazon.com/compliance/data-center/controls/ for more details.

Source code is stored on GitHub, which also uses industry-standard physical security and data center facilities, and local copies of the source code are stored on encrypted hard drives.

Data integrity

SimpleLocalize stores all data on redundant systems to help prevent data loss. Data are also automatically backed up on AWS servers with the capability to provide point-in-time recovery down to the second. SimpleLocalize’s production data is also regularly backed up to a separate location and all backups are encrypted.

Payment safety

SimpleLocalize uses Paddle as our payment provider, to accept and process credit card payments. We implement these payment technologies in a such way that SimpleLocalize does not store or process any credit-card information.

Monitoring

We use multiple security, monitoring, and alerting tools designed to make sure our systems are running securely and safely.

Processes

We operate on the principle of least-required privilege and try to provide our employees or partners only the minimum needed permissions to the production systems and data. We also maintain separation between development/staging and production environments.

Software security

Even though we put a lot of effort into creating secure software, we acknowledge that no system is completely secure. We use various automated software solutions to check for security issues and vulnerabilities both in our code and the in our back-end systems. We apply fixes for any issues we find promptly. We practice immutable infrastructure, where we don't make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code, which means all changes go through a formal code review and an automated testing and automated deployment process.

Data encryption

All data sent to and from SimpleLocalize is encrypted in transit using industry-standard HTTPS/TLS encryption.

Code quality

We use automated code analysis tools to check for common issues, security issues and vulnerabilities in our code. We apply fixes for any issues we find promptly.

Access control

All access to production systems requires VPN access. All access to production systems is logged and audited.

User authentication

  • We use bcrypt to hash all passwords before storing them in our database. This means that even if someone were to gain access to our database, they would not be able to see your password.
  • We use industry-standard authentication mechanisms to ensure that only authorized users can access our systems.
  • We rate-limit authentication attempts to prevent brute-force attacks, every authentication attempt is logged and audited, and requires a reCAPTCHA verification.
  • We store access tokens in our database in a hashed form.
  • We do not store plain-text passwords in our database, source code, logs, nor backups.

Anti-virus and anti-malware

We use antivirus and anti-malware software on our local machines to help prevent and detect malicious software.

Disaster recovery

We have a disaster recovery plan in place, which includes regular backups of all data, and a plan for restoring service in case of a disaster.

Contact

If you have questions or suggestions, please email us at: [email protected].