Security

How Receptive keeps your data safe

Network security

Receptive’s infrastructure is hosted at Amazon Web Services in the eu-west-1 region which is in Dublin, Ireland. We use industy standard techniques to secure our network infrastructure including Virtual Private Cloud and network firewalls.

Data center physical security

Receptive’s servers are hosted in Amazon Web Services data centres which have many certifications for physical and data security including SOC 1, SOC 2, SOC 3, ISO 9001:2008, ISO 27001:2013, ISO 27017:2015 and ISO 27018:2014. More about AWS compliance.

Personnel

Remote access to servers is only permitted to trusted Receptive employees with the correct credentials.

Backups

All database updates are synchronously written to two Availabity Zones.

Every 30 minutes we backup all databases and push the backups off-region to multiple availability zones in the AWS eu-central-1 region in Frankfurt, Germany.

Third-party systems

We use certain trusted third parties to supply limited parts of the Receptive service. SendGrid for email relay. Clearbit for user profile enrichment and Stripe for credit card payment services.

Payment security

Credit card payments are handled by Stripe. Your card details are passed direct from your browser to Stripe and sensitive payment details don’t touch Receptive’s servers. Stripe are certified PCI Service Provider Level 1.

Availability

Receptive’s server instances are always distributed across at least two Availability Zones. In the rare event of a entire Availability Zone outage, our servers are already up and running in a second Availability Zone and traffic is routed to the unaffected servers without human intervention.

Our databases are hosted in two Availability Zones. In the event of a database outage in one zone, failover to the secondary servers happens automatically.

Receptive engineers are alerted in the event of incidents

Performance

Our platform automatically scales up and down by adding and removing application servers as demand fluctuates. This is done without human intervention and within minutes of any significant load changes.

Encryption

Every transfer of data between your browser and Receptive’s API servers is over a encrypted 2048-bit SSL connection. Unsecured non-SSL connections are rejected.

Testing

Our software is covered by an automated test suite with extremely high test coverage. Hundreds of automated tests are run before every deploy of code to production. We push code to production up to several times a day and can react very quickly to issues as and when they happen.

Logging

We log every API call to enable diagnostics in the event of a bug or outage. Our log retention is for one year.

 

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.