Last Updated: 22nd September 2023
At Hyperengage, security is our absolute highest priority from day one and we built our infrastructure accordingly. In the spirit of openness and transparency, here are some of the security measures we take to protect and defend the Hyperengage platform.
We protect your data
- RBAC control ( You can limit access to your account for different team members with granular controls)
- 2FA Authentication
- Password storage and encryption
- Users are required to create complex passwords while all credentials are salted, hashed, and encrypted-at-rest.
- All data at rest is encrypted with AES-256 while data in-transit is protected over TLS encryption.
- Hyperengage uses AWS data centers for hosting services and data in the United States (us-east-1)
Your users’ data never leaves our servers
We distinguish between data about your users and data about you, yourself. While, for example, your billing information is shared with Stripe, and your profile is accessible to us in our help desk software, any data about your users are never shared with any external providers, and never leaves our server cluster hosted with AWS Platform.
We don’t collect information from your users’ browsers
When our tracking script is installed in your product we don’t collect any extra information, Any user attributes you want to include is completely in your control. All events that you track you explicitly pass data attributes to them.
- We operate under the principle of least privilege: Employees are assigned the lowest level of access that allows them to do their work.
- Two-factor authentication is enforced in all sensitive systems.
- All employees are required to use approved password managers (like Lastpass or 1Password) to generate and store strong passwords that are never reused.
- All employees are required to encrypt local hard drives and enable screen locking for device security.
- All access to application admin functionalities is restricted to a small subset of Userflow staff.
- We never store customer data on personal devices (like laptops).
- All code changes are thoroughly tested through our Continuous Integration software.
- All code changes is tested in a staging environment before deploying to production.
- We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues. We are aggressive about applying patches and deploying quickly.
- We use deploy previews to explicitly test everything.
Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.
Have a concern? Need to report an incident?
Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Send urgent or sensitive reports directly to firstname.lastname@example.org . We’ll get back to you as soon as we can, usually within 24 hours. Please follow up if you don’t hear back. For requests that aren’t urgent or sensitive: submit a chat on our website.
Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.