Security

how we secure the accredit.ly platform

Security

We take security very seriously. From 100% SSL (HSTS Preload) to individual user encryption keys, we do everything we can, and more to keep your data safe and secure. Here are just some of the steps we take to keep your data secure:

  • All accredit.ly services are provided over HTTPS (SSL HSTS Preload).
  • All evidence files are encrypted using ‘unique to accreditation’ encryption keys.
  • All identity files are encrypted using ‘unique to user’ encryption keys and then deleted immediately after the verification process
  • All files and records are re-encrypted at rest.
  • All infrastructure is secured with logging and 2FA.
  • Only the data controller has access to production databases.
  • All production configuration is stored in the encrypted vault and none of our engineers have access to the secrets.
  • All users are disassociated from their data through advanced cryptographic hashing (Only on the infrastructure side, if your details appear in the accreditation body and you’d like it removed please contact us).

Privacy

When you are issued an accreditation, only you and the person who issued it are able to view it. Only the recipient can change privacy / security options on the accreditation. You have full visibility on the data we collect, extrapolate and learn from and can request deletion / removal at any time. Please see our full privacy policy for more details.

Reporting an Issue

We’re working to secure not just our technology but also further investment to fund a bug bounty program. In the meantime, if you have any issues you can always let us know via emailing security@accredit.ly, visit our contact us, or just call our security guy: +44 748129 7561.

Acknowledgements:

Thanks to the following for helping secure the accredit.ly platform

  • 02/Dec/2017 – Reuben S: Config issue.