elements-08.png

SECURITY 
OVERVIEW

How we protect your data

All the data we store about you is accessible only by Shuttlerock team members that need access to help you meet your goals and to provide customer support. The data we store is backed up daily and can be recovered in the event of a system failure.  

At Shuttlerock your data is always yours. We do not sell your data, we comply with GDPR, and we will delete your data under GDPR requirements on request. To make a request please contact the team.

Secure encryption

All connections to and from our systems are performed over SSL/TLS and are protected by 256-bit encryption. What this means is all sensitive data transmitted over the internet is secure and safeguarded. 

All sensitive data stored in our database is encrypted using the AES256-GCM algorithm before being written to the database. All data is encrypted at rest.

Staying up and running

We know how frustrating system downtime can be. At Shuttlerock our goal is to make sure you can access our systems as and when you need them. 

Our commitment to this goal has guided us to develop an infrastructure environment that includes locating our servers in top-security Amazon data centers, which have been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS), as well as being compliant with SOC 2 and ISO 27001 security practices. 

To ensure redundancy, our servers are located in geographically diverse locations. We strive to remove any single point of failure to provide a robust, high-availability system.

Any scheduled maintenance or planned downtime is announced ahead of time on our status page at status.shuttlerock.com. Please subscribe to email updates at the status site to receive the latest information. 

Protecting your billing information

Payment processing is performed by Stripe, which has been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS). We do not (and will never) store your credit card information on our systems. 

See the Stripe security documentation for more details.

Day-to-day protection

We sanitize data submitted to us to keep our systems safe from attack. We use both internal and 3rd-party services to monitor our systems around the clock, which alert operations staff instantly.

We operate under the principle of least privilege, restricting access unless necessary.

As part of our induction process, every member of the Shuttlerock team takes a security training course.

More information

Responsible Disclosure Policy
Terms of Use
Privacy Policy
GDPR

If you have a question about how we stay safe and secure here at Shuttlerock please get in touch.

Report a security issue

If you have any concerns, notice an exploit, or come across a problem then please report it to us. See our Responsible Disclosure Policy for more information.