Ensuring our customer data is secure and protected is a top priority at HiThrive, which is why we've taken extensive measures to bolster our security for our platform and tools the team at HiThrive use.
HiThrive employees are required to follow stringent security practices such as:
- Locking computers while away to prevent unauthorized access.
- Accessing sensitive tools using secure single sign-on.
- Using VPNs when on public networks.
When you install HiThrive using a third-party (Slack, Microsoft Teams, etc), we only request the minimal permissions required for HiThrive to function properly. We don't have access to your conversations, private or public messages or files. The data we sync from third-parties is limited to:
- Names, profile pictures, email addresses and timezones of your team.
- The name and icon of your workplace/team.
- Reactions only on messages created by the HiThrive account (public shout-outs or awards).
HiThrive is hosted entirely on Heroku and Amazon Web Services. Our databases are only accessible by the services that require access and by users with revocable credentials. Credentials are rotated regularly and stored outside of our code.
Our services are distributed across multiple physical data centers in the United States, enabling us to provide redundancy and failover protection.
Our application is hosted on Heroku, which is hosted and managed within Amazon Web Services data centers. These data centers are accredited:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
We regularly audit our codebase, third-party libraries and frameworks to ensure they're up-to-date and patched whenever a vulnerability is detected.
Our data is encrypted at-rest and in-transit. Only HiThrive employees and services with proper credentials have access to data. Our web-based apps, APIs and services are only accessible over TLS, ensuring connections internally and externally are encrypted.
All payments and stored payment methods are processed by Stripe, our payment processing partner. HiThrive does not have access to credit or debit card details once saved, other than Name, Billing Postal Code, Brand and Last 4.
If you have any questions or concerns about security, please email firstname.lastname@example.org.