How Receptive keeps your data safe
Receptive’s infrastructure is hosted at Amazon Web Services in the eu-west-1 region which is in Dublin, Ireland. We use industy standard techniques to secure our network infrastructure including Virtual Private Cloud and network firewalls.
Data center physical security
Receptive’s servers are hosted in Amazon Web Services data centres which have many certifications for physical and data security including SOC 1, SOC 2, SOC 3, ISO 9001:2008, ISO 27001:2013, ISO 27017:2015 and ISO 27018:2014. More about AWS compliance.
Remote access to servers is only permitted to trusted Receptive employees with the correct credentials.
All database updates are synchronously written to two Availabity Zones.
Every 30 minutes we backup all databases and push the backups off-region to multiple availability zones in the AWS eu-central-1 region in Frankfurt, Germany.
Credit card payments are handled by Stripe. Your card details are passed direct from your browser to Stripe and sensitive payment details don’t touch Receptive’s servers. Stripe are certified PCI Service Provider Level 1.
Receptive’s server instances are always distributed across at least two Availability Zones. In the rare event of a entire Availability Zone outage, our servers are already up and running in a second Availability Zone and traffic is routed to the unaffected servers without human intervention.
Our databases are hosted in two Availability Zones. In the event of a database outage in one zone, failover to the secondary servers happens automatically.
Receptive engineers are alerted in the event of incidents
Our platform automatically scales up and down by adding and removing application servers as demand fluctuates. This is done without human intervention and within minutes of any significant load changes.
Every transfer of data between your browser and Receptive’s API servers is over a encrypted 2048-bit SSL connection. Unsecured non-SSL connections are rejected.
Our software is covered by an automated test suite with extremely high test coverage. Hundreds of automated tests are run before every deploy of code to production. We push code to production up to several times a day and can react very quickly to issues as and when they happen.
We log every API call to enable diagnostics in the event of a bug or outage. Our log retention is for one year.