Security

Data is your business’s most valuable asset.
We take the security of that data seriously.

How We Secure Your Data

We thwart eavesdroppers.

We use proven encryption protocols whenever your data is transferred over open networks. We encourage you to send your data through encrypted protocols including SSH, SSL, or a VPN, and we will only serve your data back over SSL.

We keep physical intruders out.

Our data centers are protected by electronic security and intrusion detection systems and a 24/7/365 human staff.

We keep virtual intruders out.

Our operating systems and other software are kept up to date with the latest security patches. Our network is protected by dedicated firewall services to prevent unauthorized access, and our systems regularly undergo automated vulnerability scans.

We identify and prevent new attack vectors.

New features undergo a security review by our team before release, and the security professionals at ^Lift Security perform regular audits and penetration tests on our existing systems.

We don’t look at your sensitive data.

We never analyze sensitive data like payment details. We encourage you to restrict our access to this data, but even if you do not, we will not transfer it to our systems or anywhere else. You can decide what - if any - personally identifiable information you want to share with us for analysis.

We know the best practices, and we follow them.

Your password is stored using a secure cryptographic hash. Your payment information is transmitted, stored and processed on a secure PCI-compliant network, and is never stored on our servers. When you provide us credentials to access other systems, we encrypt them before storing.

Have a question that we didn't address on here? Get in touch.


Need to report a security issue?

If you believe you’ve found a security vulnerability in RJMetrics, we encourage you to let us know right away by emailing security@rjmetrics.com (optionally using our PGP key). We request that you do not publicly disclose the issue until we have a chance to address it and will not pursue legal action as long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability.

We will respond as quickly as we can and reward the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users' data (such as bypassing our login process, injecting code into another user's session, or acting on another user's behalf) with some swag. Other issues may be rewarded at our discretion.