Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please contact us at [email protected]. We implement secure engineering practices in the design and code of CallHub. Our security architecture details are below:
CallHub uses Amazon Web Services (AWS) as our cloud infrastructure provider. AWS's world-class data centers are highly secure, nondescript and have numerous safeguards against perimeter intrusion. They utilize multi-level biometrics and other physical security safeguards to restrict access to the data centers themselves, as well as regions on the data center floor. The full redundancy of these data centers in various locations around the world ensures that CallHub will remain resilient in the event of a disaster or system failure. More details about AWS security is here
Each system uses firewalls to restrict access to systems from external networks and between systems internally. To mitigate internal and external risk, access is restricted to only the ports and protocols required for specific business needs.
CallHub forces HTTPS for all services, including our public website. All web session traffic between your application and CallHub is encrypted using TLS (transport layer security) to protect all of your data. The TLS protocol provides data encryption and authentication between your application and our servers and prevents third parties from stealing information. Sensitive data between applications are protected by access tokens and are encrypted during transmission.
To prevent unauthorized account access, each session requires the account username and a strong passphrase for access to each CallHub account. All passwords are stored encrypted with a one-way hashing algorithm resistant to brute-force and dictionary attacks by using a salt. Passwords are not logged. CallHub does not retain any customer credit card information as all data is directly provided to our payment processor, Stripe.
Our payments are processed by Stripe.com. Stripe stores your credit card information on its servers. Your credit card information never reaches our servers, and is never stored there. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. More details about Stripe security is here.
CallHub's policies and procedures limits and logs all external and internal access to customer data and requests management approval prior to access. Internally, only select CallHub employees that deal directly with valid customer tickets are permitted to access customer data. These select groups include, customer support, development, and security teams.
We rapidly investigate all reported security issues. If you believe you've discovered a bug in CallHub's security, please get in touch at [email protected]io. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by CallHub.