Security Policy

Last updated: 2nd August 2018

We know how critical your data is to you and that you rely on Request.st.

At Request.st we take very seriously the security and for that reason we have partnered with one of the top leading security providers for SaaS products, Sucuri, with their Website Security Platform solution, helping us to manage:

– Mitigation of Distributed Denial of Service (DDoS) Attacks
– Prevention of Vulnerability Exploit Attempts
– Protection Against the OWASP Top 10 (and more)
– Access Control Attacks (i.e., Brute Force attempts)
– Malware Detection
– Malware Cleanup

 

1. Infrastructure and Third Party Services
2. Credit Card Security
3. Account access
4. Communications
5. Snapshot and Backup Security
6. Reliability
7. Privacy Policy
8. Need to Report a Security Vulnerability?
9. Responsible Disclosure
10. Questions

 

1. Infrastructure and Third Party Services

At Request.st, we rely on a well know servers infrastructure, DigitalOcean, which has proper virtual and physical security measures in place (learn more).

Our application stack (Apache, Nginx, Varnish, Memcached, PHP and MySQL) is running on Cloudways platform. Cloudways has implemented strong security policies and process control mechanisms, which include state-of-the-art firewall, 24/7 monitoring and weekly security patching. Learn more about Cloudways terms.

We use MaxCDN as CDN provider (learn more) and Sucuri CloudProxy as a Web Application Firewall (learn more).

For communicating with our customers, we use the messaging app Crisp.im (learn more) and for managing help requests, HelpScout (learn more).

 

2. Credit Card Security

We hand off credit card processing to Stripe (learn more). They power online transactions for thousands of business and SaaS platforms and comply with PCI standards in the storage and handling of credit card information. Therefore we never store complete digits of your credit cards, only the last 4 digits for your reference and management.

 

3. Account access

As a customer, you and your members will be able to use Two-Factor Authentication (2FA) when logging to Request.st.

Two-factor authentication is an extra layer of security for your account designed to ensure that you’re the only person who can access your account, even if someone knows your password.

We have made it extremely easy to set up 2FA in your account settings.

 

4. Communications

All communications with Request.st are transmitted over SSL (HTTPS). We use SSL certificate, ensuring our domain and all subdomains are properly protected.

 

5. Snapshot and Backup Security

We backup automatically all the data on a daily basis ensuring we can recover from a complete outage as fast as possible, for example deploying to different servers.

 

6. Reliability

We measure constantly the uptime of our services (in the last year we had a 99,99% of service availability). You can check our status page.

 

7. Privacy Policy

Request.st’s privacy policy, which describes how we handle data input into Request.st, can be found at www.request.st/privacy.

 

8. Need to Report a Security Vulnerability?

Please email us directly at: support@request.st

 

9. Responsible Disclosure

We would like to keep Request.st safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner.

Publicly disclosing a vulnerability can put the entire Request.st community at risk. If you have discovered a possible vulnerability we would greatly appreciate you emailing us at support@request.st. We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails are immediately sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the security of our service is our primary concern.

 

10. Questions

We would love to hear from you if you have any questions regarding any specific policy that could be made clearer or any general inquiries regarding security. If you’re already a customer, please open a support ticket through our help page so that our support team can help you. Alternatively, please use the form on our contact page.