We take security very seriously at IdeaJudge. We know our customers trust us with their team’s important data, and we use industry best practices to keep it secure.
Backups & Data Recovery
Everything stored on IdeaJudge is backed up daily. In the event of a data-loss we can restore from backup within an hour.
Encryption In Transit and At Rest
When using IdeaJudge, all your data is sent via HTTPS. That means your data (e.g. passwords) are encrypted so it can't be intercepted by hackers. Both our primary database and all backups are encrypted. All communication across data centres is over SSL.
Availability
IdeaJudge runs on infrastructure that has fault-tolerance and redundancy built in. If incidents do arise, we keep our customers informed and work hard to resolve them as quickly as possible.
Hosting & Service Providers
We consider security as primary criteria when choosing service providers to work with. Our providers are SOC 2 certified.
- IdeaJudge is hosted on Digital Ocean. You can learn more about Digital Ocean's security here: https://www.digitalocean.com/security.
- We also use Digital Ocean to host our database and backups. You can learn more about Digital Ocean's security here: https://www.digitalocean.com/security
- We use Algolia to power our full-text search feature: https://www.algolia.com/security.
Billing
Our credit card processor, Stripe, has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
Authentication
Accounts are set up with email. We verify that email addresses belong to you and your employees who join our services, and we store your password using the industry recommended hash function (bcrypt).
Access to Customer Data and Audit Policies
We have strict policies in place regarding IdeaJudge employee access to data you store on IdeaJudge. From time to time, certain employees may need to access customer data to diagnose and resolve issues. Whenever practical, we notify the customer and obtain written consent before doing so. We have granular audit logs in place to ensure that any access to customer data is logged.
Continuous Improvement
All new product features and internal processes are peer-reviewed and evaluated for their security impact before they are released to production. We strive to continuously monitor and improve our security practices in response to industry changes and customer feedback.
If you have questions, please Contact Us. We're happy to help in any way we can.