Customer confidence and data security is critical to
everything we do at Idea Drop.
All data is stored in encrypted Amazon S3 buckets
Regular third-party pen-testing
We would like to make two things clear. First, we respect your privacy and take significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about.
Keeping our customers’ data secure is the most important thing that Idea Drop does. We go to considerable lengths to ensure that all data sent to Idea Drop is handled securely – keeping Idea Drop secure is fundamental to our business.
Infrastructure & security overview
- All of our services run in the cloud. Idea Drop does not run our own routers, load balancers, DNS servers, or physical servers.
- All of our services and data are hosted in Amazon Web Services (AWS) facilities.
- All of our infrastructure is spread across separate data centres (availability zones) and will continue to work should any one of those data centres fail unexpectedly.
- Customer data is stored in multi-tenant datastores, we do not have individual datastores for each customer. However strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customer’s data.
- Our managed hosting team and their engineers track and monitor our systems 24/7 to report and immediately fix any vulnerabilities or issues that are identified.
- Idea Drop is served 100% over https.
- Cloudflare is used for all network requests. Cloudflare provides an IDS on incoming traffic. More information here: https://www.cloudflare.com/features-security
- All data is stored in encrypted Amazon S3 Buckets and is continuously versioned for recovery purposes. More information on AWS security and their architecture is available here: https://aws.amazon.com/security/
- We always use the latest technologies at the latest patch levels.
- We regularly engage with third-party auditors to audit our code-base and infrastructure, test for SQL injection, and work with them to resolve potential issues.
- Idea Drop is not subject to PCI obligations. We do not store credit card information in any database. All payment instrument processing is outsourced to Stripe.
For further information about our security procedures and systems, please contact us.