If you think you may have found a security vulnerability within Squeaky, please get in touch via firstname.lastname@example.org as soon as possible.
Last Updated: January 13th 2021
Internal access to any Squeaky application requires a VPN with 2-factor authentication.
Squeaky's infrastructure is provisioned with Terraform, and changes undergo a thorough review process.
All data ingested into Squeaky is encrypted in transit. All data stored in our databases is encrypted at rest.
Squeaky was designed with redundancy in mind. Where possible, our services run in multiple availability zones in the eu-west-1 AWS region.
Our databases are automatically backed up and encrypted.
Passwords are stored in a hashed format, no member of Squeaky is able to read or decrypt customer passwords.
VPN access requiring 2-factor authentication and elevated privileges is required to access any of Squeaky's applications.
By default, nobody at Squeaky can access customer data. A small number of DevOps engineers can access the data for debugging and operational purposes if absolutely required.
Squeaky's performance is automatically monitored 24/7. System logs are stored internally within AWS and require 2-factor authentication.
All customer's Personally Identifiable Information is omitted from the logs.
We rely on several third-party resources to deliver our services and we endeavour to ensure we are working with highly compliant and regulated partners.
Payments in Squeaky are PCI-compliant as we use Stripe's hosted payment fields that use a PCI DSS validated server
Our infrastructure is hosted on AWS, which is an ISO27001 certified service.
Our infrastructure is hosted on AWS, which is an SOC2 certified service.