We take security very seriously. From 100% SSL (HSTS Preload) to individual user encryption keys, we do everything we can, and more to keep your data safe and secure. Here are just some of the steps we take to keep your data secure:
- All accredit.ly services are provided over HTTPS (SSL HSTS Preload).
- All evidence files are encrypted using ‘unique to accreditation’ encryption keys.
- All identity files are encrypted using ‘unique to user’ encryption keys and then deleted immediately after the verification process
- All files and records are re-encrypted at rest.
- All infrastructure is secured with logging and 2FA.
- Only the data controller has access to production databases.
- All production configuration is stored in the encrypted vault and none of our engineers have access to the secrets.
- All users are disassociated from their data through advanced cryptographic hashing (Only on the infrastructure side, if your details appear in the accreditation body and you’d like it removed please contact us).
Reporting an Issue
We’re working to secure not just our technology but also further investment to fund a bug bounty program. In the meantime, if you have any issues you can always let us know via emailing firstname.lastname@example.org, visit our contact us, or just call our security guy: +44 748129 7561.
Thanks to the following for helping secure the accredit.ly platform
- 02/April/2019 – Low – ReubenS – Config issue lead to exposed internal configuration data