How we protect your data
All the data we store about you is accessible only by Shuttlerock team members that need access to help you meet your goals and to provide customer support. The data we store is backed up daily and can be recovered in the event of a system failure.
All connections to and from our systems are performed over SSL/TLS and are protected by 256-bit encryption. What this means is all sensitive data transmitted over the internet is secure and safeguarded.
All sensitive data stored in our database is encrypted using the AES256-GCM algorithm before being written to the database. All data is encrypted at rest.
Staying up and running
We know how frustrating system downtime can be. At Shuttlerock our goal is to make sure you can access our systems as and when you need them.
Our commitment to this goal has guided us to develop an infrastructure environment that includes locating our servers in top-security Amazon data centers, which have been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS), as well as being compliant with SOC 2 and ISO 27001 security practices.
To ensure redundancy, our servers are located in geographically diverse locations. We strive to remove any single point of failure to provide a robust, high-availability system.
Any scheduled maintenance or planned downtime is announced ahead of time on our status page at status.shuttlerock.com. Please subscribe to email updates at the status site to receive the latest information.
Protecting your billing information
Payment processing is performed by Stripe, which has been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS). We do not (and will never) store your credit card information on our systems.
See the Stripe security documentation for more details.
We sanitize data submitted to us to keep our systems safe from attack. We use both internal and 3rd-party services to monitor our systems around the clock, which alert operations staff instantly.
We operate under the principle of least privilege, restricting access unless necessary.
As part of our induction process, every member of the Shuttlerock team takes a security training course.
If you have a question about how we stay safe and secure here at Shuttlerock please get in touch.