Security

We take security and privacy seriously, adhering to enterprise-level security standards that keep your customer data protected.

Infrastructure

All of Microshot’s application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in.

For more specific details regarding AWS security, please refer to https://aws.amazon.com/compliance/

ISO/IEC 27001, SOC

Virtual Private Cloud

All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features.

Application security

Encryption

All data sent to or from Microshot is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Microshot is served 100% over HTTPS. Microshot runs a zero-trust corporate network: being on Microshot’s network grants no corporate resources or additional privileges. We have 2-factor authentication (2FA) and strong password policies on GitHub, Google, and Microshot to ensure access to cloud services is protected.

PCI Compliance

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processor we work with is Stripe. Their Privacy Policy can be viewed at: https://stripe.com/us/privacy

Additional security features

Confidentiality

All employee contracts include a confidentiality agreement.