All servers have security updates automatically applied. We routinely upgrade our operating systems as new versions are released.
We use Heroku (PaaS) to manage backups for customer data in our billing system. For other systems, we create our own backups and store them with a second cloud service provider. This allows us to recover our infrastructure even if there’s a total failure with our primary service provider.
You provide your payment card information to our payment partner (Stripe) and we do not store the card number ourselves. We do store the last four digits of the card number, to provide you this information when you are managing your payments, and the card expiry so that we can notify you when you need to update your card information.
All employees and contractors are required to use password managers.
We immediately revoke access to all systems for employees and contractors who we are no longer working with.
We gratefully receive reports of security issues. However, we don’t offer a bug bounty.
If you are the first to identify a genuine problem we will provide acknowledgement. We reserve the right to decide on this issue.
security (at) thunderforest (dot) com
Please do not …