We take the security of our customers' data very seriously. Here at
AllAnswered, we utilize comprehensive security technologies to
maximize the safety and security of our customers' information. This
document shares the practices and policies we put in place regarding
security for our paid subscribers.
We are using Amazon Web Services (AWS) to host our servers, databases
and storage. AWS is certified as a SOC 1 ISAE 3402, SOC 2, SOC 3, ISO
27001 and ISO 9001 compliant facility. For more information about AWS
data center compliance, please refer to:
We implemented network firewalls with Amazon Virtual Private Cloud (VPC)
so that only permitted traffic is allowed to go through.
in transit and at rest
in transit over the network are encrypted using industry-standard
Transport Layer Security and Secure Sockets Layer (TLS/SSL) technology
with advanced AES-256 encryption to prevent eavesdropping or
man-in-the-middle (MITM) attacks. Storage at rest in the production
network is also encrypted with AES-256. All the keys are stored and
managed on the server side.
credentials are saved using the PBKDF2 algorithm with a SHA-256 hash, a
password stretching mechanism recommended by NIST. We also support
Single Sign-On (SSO) with all major Identity Providers using the
industry-standard SAML 2.0 and OAuth protocols.
data are versioned and backed up regularly between physical locations
to prevent data loss. All infrastructure changes are logged using
CloudTrail and archived for governance, compliance, operational
To further reduce the risk of unauthorized access to customers' data,
AllAnswered requires multi-factor authentication for administrative
access to systems. Direct access to production servers is over Secure
Shell (SSH) with a private keystore.
Access to infrastructure resources and applications is controlled based on
roles and is limited to people who have the right permissions. The
operations team has access to the necessary infrastructure in order
to run our service. AllAnswered does not hire third-party contractors
to maintain its infrastructure.
When an individual user signs in to an AllAnswered account, a session cookie
will be stored that contains a specific security token used to
identify the user. This cookie is used to re-authenticate the user
before the user session expires. Signing out of the user's account
will clear this cookie.
modern browsers automatically accept cookies, but you can change your
browser settings to stop automatically accepting cookies or to prompt
you before accepting cookies. Please note, however, that if you don’t
accept cookies, you may not be able to access all features of our
Our operations team regularly updates our server operating systems,
software, tools and libraries. Security patches are applied as they
become available. Our security team undergoes comprehensive
penetration testing every 6 months. Any vulnerabilities discovered
have to be remediated within 30 days.
supports uptime of 99.9% by adding redundancy throughout our
infrastructure stack, including multiple instances in different
availability zones to maintain a secure and reliable service for our
and PCI DSS compliance
involved with the processing, transmission, or storage of credit card
data must comply with the Payment Card Industry Data Security
Standards (PCI DSS). AllAnswered does not store, process, or transmit
card data directly. Instead, the credit card information is sent
directly to Stripe, our payment partner, which is a PCI Level 1
You have complete control over your own data. If you want to back it up
or take it somewhere else, you can export all content of each
community in your team. The exported files are in comma-separated CSV
a security vulnerability
If you discover a security issue in the AllAnswered service, we ask that you
report it to us confidentially in order to protect the security of
our services. Please email the details to our security team at
firstname.lastname@example.org. Our security team will respond to confirm
receipt of your message, review and plan the mitigation of the issue