This page contains a brief overview of our security practices and infrastructure. Let us know if you have any further questions about this area – we would be happy to elaborate.
Our success and the success of our customers depend on security. We want our customers to focus on building great apps and experiences, and be confident in the security of the tools we provide. We strive to always follow industry standards and best practices, and to be proactive about security on our infrastructure.
Opbeat’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon’s data center operations have been accredited under:
You can find their compliance documentation here.
All credit card processing is done by Stripe. Their service meets the highest level of PCI compliance (Level 1). See more on their Security page.
Authentication with Opbeat is handled using OAuth and GitHub user profiles. We do not get access to or store passwords in our databases.
We enforce secure connections over HTTPS (SSL/TLS) to and from our infrastructure, including websites and APIs, to ensure that your data remains encrypted in transit. This means your data is encrypted with 256-bit AES encryption and not leaked to the network. SSL Labs gives us an "A" rating in their test.
Our operations teams prepare and follow incident response plans for both operational and security events.
We employ intrusion detection and logging on the infrastructure to prevent and expose unauthorized access attempts.
We sanitise and validate inputs to prevent XSS/injection attacks. We also send unique tokens along with website requests to protect against Cross-Site Request Forgery attacks.
Our engineers peer-review the code for security issues before it is deployed into production. They follow the OWASP best practices and security guidelines.
We isolate our processes into various environments like development, staging and production.
Customer data is encrypted at rest and stored in databases that only a select subset of employees can access.
Opbeat staff do not access or interact with customer data or applications as part of normal operations. There may be cases where Opbeat interacts with customer data at the request of the customer for support purposes or where required by law. Opbeat may also inspect customer data to debug and troubleshoot platform issues.
We have well-tested processes in place for backing up and restoring all of our and your data. All of the Opbeat databases are continuously replicated to running backup systems as well as to archive storage. Opbeat can fail over to running backup systems or restore up to a point in time from the archive storage.
We have extensive monitoring and alerting in place for the various components of our infrastructure. Our operations team maintains an on-call schedule and can be available to respond to critical incidents at a few moments' notice.
We plan, schedule, and announce architecture maintenance and any potential downtime ahead of time. The timeline for maintenance projects is available on the status page. Individual projects will be updated in real time as work progresses or is completed.
The Opbeat platform is designed for stability and scaling, and inherently mitigates common issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure. In case of an outage, standby and backup systems can take over operations. In case of catastrophic failure, systems will be restored from backups.