We are aware of the nature of geological knowledge and why it's important for you to keep your information private and secure. We have put in place several security measures to keep your information safe. We also constantly improve those measures and review our protocols with your security in mind. If you want to talk with a human about those measures, send us an e-mail at firstname.lastname@example.org. If there’s a vulnerability you think we should know about, also write to email@example.com so that we can promptly act on it and disclose it responsibly. The following are the measures we take to keep your information secure:
Our servers are located in the United States. Currently we use cloud providers for our services. However, only direct employees have access to any of the servers powering Geomodelr.
2. Systems Security:
We constantly update our servers in response to the latest vulnerability reports. We also constantly update our entire software stack so that it's current with the latest developments and protected against known vulnerabilities. We also block unauthorized access to our systems with firewalls. The attack surface of the service is kept to a minimum with a monolithic architecture where all access goes in and out through a single channel.
3. Communications Security:
All communications between you and the service are transmitted over SSL. The entire site uses HTTPS; even files and the largest objects, like visualizations or maps, are served encrypted.
The files you store in our services can only be accessed with secure links that are kept alive for minutes. For you this works seamlessly: every time you need to access a file or view an image, you will have a valid and current link and you will be able to use it without even noticing it. However, nobody can guess the names of your files and download them, or use a link that you previously used to download a file to your computer. This includes images that you embed in your articles or versions of your models.
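One common way to build short-lived file links like those described above is an HMAC signature over the path and an expiry time. This is an added example, not Geomodelr's code; the key, the five-minute lifetime, the `expires` and `sig` parameter names and the sample path are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote, urlsplit

SECRET = b"constructed-demo-key"  # assumption: key known only to the server
TTL_SECONDS = 300  # assumption: the page says "minutes"; five are used here


def _signature(path: str, expires: int) -> str:
    # Bind the signature to both the file path and the expiry time, so
    # neither can be altered without invalidating the link.
    message = f"{path}\n{expires}".encode()
    return hmac.new(SECRET, message, hashlib.sha256).hexdigest()


def make_link(path: str, now: int, ttl: int = TTL_SECONDS) -> str:
    """Return a relative URL for `path` that is valid until now + ttl."""
    expires = now + ttl
    return f"{quote(path)}?expires={expires}&sig={_signature(path, expires)}"


def verify_link(url: str, now: int) -> bool:
    """Accept the link only if it is unexpired and its signature matches."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if now > expires:
        return False  # the link has outlived its window
    expected = _signature(unquote(parts.path), expires)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode(), expected.encode())


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed timestamp
    link = make_link("/studies/42/map.png", issued_at)  # constructed path
    print(link)
    print("one minute later:", verify_link(link, issued_at + 60))
    print("one hour later:  ", verify_link(link, issued_at + 3600))
```

Expiry alone makes an old link useless after its window; it does not make a link single-use within that window.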
4. Data Security:
We back up your data daily. We keep up to seven days of backups. If you accidentally removed your information and want to recover it, please contact us as soon as possible to check if the version you are looking for is still available, but we offer no such guarantee.
We do not encrypt your data on the disk, as it would negatively affect your performance without giving you any security guarantee. We focus on making our machines and networks as secure as possible.
5. Employee Access:
No Geomodelr employee ever accesses private repositories unless required to for support reasons. We go to great lengths not to access any information in a private study. When working on a support issue, we do our best to respect your privacy as much as possible. We only access the files and settings needed to resolve your issue. In the rare cases where we might have to access your files or studies on our test machines, we will immediately delete such information when we are finished. We will try to report to you if a Geomodelr employee has to access a private study for a support reason that you are not aware of, except as required by law.
6. Login Credentials:
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are stored in the database one-way hashed with PBKDF2. Login information, like all Geomodelr information, is always sent over SSL. The size and complexity of your password, and how you secure it, increase the security of your information.
7. Credit Card Safety:
When you change your plan to a private plan, we don’t store any of your information on our servers. In fact, no credit card information passes through our servers. It goes directly to Stripe (https://stripe.com), a PCI-compliant service. We only know enough information to charge you every month/year for your private plan.
Last updated: October 31, 2016