Journey software is critical to your business and we take security of customer data extremely seriously. We host Journey using comprehensively hardened infrastructure-as-a-service (IaaS) platforms from Amazon Web Services(AWS).
Accessing any Journey data is restricted to authorized users that are authenticated using a user-generated password. These passwords are encrypted one-way with PBKDF2-SHA256 encryption method and kept securely on AWS database servers. All identity and access management is done directly with these servers and there is no way for Journey to know a user's password as they're encrypted at signup time.
Journey supports multiple permission levels for internal users and client users. Permission level changes can only be made by admins (internal admin users and client admin users).
Journey production data is processed and stored within world-renowned AWS data centers that use state-of-the-art multilayer access, alerting, and auditing measures. Journey does not own any physical servers. 100% of the data is processed and kept on servers provided by AWS.
Servers and networking
All Journey servers and structured data stores use managed infrastructure services provided and secured by Amazon. Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.
All persistent data is encrypted at rest using industry-standard AES-256 algorithms and entirely kept on AWS data centers.
Code Reviews and Production Deployment
All changes to source code are subject to automated testing and any that affect security require pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.
All code is deployed to a staging environment for quality assurance and automated tests must pass prior to updating production services.
Service Levels, Backups, and Recovery
Journey infrastructure utilizes multiple and layered techniques for increasingly reliable uptime, including the use of load balancing and task queues. Journey uses highly redundant data stores, rapid recovery infrastructure, and point-in-time backups making unintentional loss of customer data very unlikely.
Server and Client Hardening
All Journey servers use AWS backed infrastructure which provide load balancing, auto-scaling, and application health monitoring to ensure Journeys are always running reliably.
The client side application uses several techniques to ensure Journeys are safe and that all requests are authentic, including using JSON-web token for managing sessions and using secure cookies.
Customer Payment Information
We use Stripe for payment processing and do not store any credit card information. Stripe is a trusted, Level 1 PCI Service Provider.