Legal & Compliance

Security

Last Updated: January 13th 2021

Infrastructure and security

Internal access to any Squeaky application requires a VPN with 2-factor authentication.

Squeaky's infrastructure is provisioned with Terraform, and changes undergo a thorough review process.

Data encryption

All data ingested into Squeaky is encrypted in transit. All data stored in our databases is encrypted at rest.

Failover and disaster recovery

Squeaky was designed with redundancy in mind. Where possible, our services run in multiple availability zones in the eu-west-1 AWS region.

Our databases are automatically backed up and encrypted.

Identity and Access Control

Passwords are stored in a hashed format, no member of Squeaky is able to read or decrypt customer passwords.

VPN access requiring 2-factor authentication and elevated privileges is required to access any of Squeaky's applications.

By default, nobody at Squeaky can access customer data. A small number of DevOps engineers can access the data for debugging and operational purposes if absolutely required.

Monitoring and Logging

Squeaky's performance is automatically monitored 24/7. System logs are stored internally within AWS and require 2-factor authentication.

All customer's Personally Identifiable Information is omitted from the logs.

Partner Compliance

We rely on several third-party resources to deliver our services and we endeavour to ensure we are working with highly compliant and regulated partners.

Payments in Squeaky are PCI-compliant as we use Stripe's hosted payment fields that use a PCI DSS validated server

Our infrastructure is hosted on AWS, which is an ISO27001 certified service.

Our infrastructure is hosted on AWS, which is an SOC2 certified service.