Network and Application Security
Data Hosting and Storage
- Love to Ride services and data are hosted in Amazon Web Services (AWS) facilities.
Virtual Private Cloud
- All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
Backups and Monitoring
- Love to Ride uses RDS backups archived in S3 for datastores that contain customer data.
- On an application level, we produce logs for all activity and use AWS CloudWatch for analysis purposes.
- 24/7 monitoring of all server systems
Authentication
- Love to Ride is served 100% over HTTPS.
- All connections to the Love to Ride platform are secured via TLS.
- 2-factor authentication (2FA) and strong password policies on GitHub, Google, and AWS ensure that access to cloud services is protected.
Encryption
- All data sent to or from Love to Ride is encrypted in transit using 256-bit encryption.
- Passwords are stored using a password-based key derivation function (bcrypt).
Pentests, Vulnerability Scanning
- Love to Ride uses third-party security tools to continuously scan for vulnerabilities.
- We engage third-party security experts to perform detailed penetration tests on the Love to Ride application and infrastructure.
Additional Security features
- Training - All employees complete Security and Awareness training annually.
- Policies - Love to Ride has a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
- Confidentiality - All employee contracts include a confidentiality agreement.
- PCI Obligations - All payments made to Love to Ride go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.