Because Capshare is a hosted software-as-a-service product, we recognize that security is crucial. This page outlines our security and backup policies.
Capshare does not store credit card information
Our system integrates with Stripe, which is a PCI-compliant payment processor. When credit card information is entered, the request is made directly to Stripe using SSL.
Access to all Capshare servers is secure
- Firewalls on all servers are set to default-deny.
- Database connections are only accepted from other Capshare servers on the internal private subnet.
- All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH), and password authentication is disabled. SSH authentication is available only via public/private key pairs.
- All of Capshare's servers are hosted on Amazon Web Services (AWS).
Capshare servers and software are running the latest versions of software and security patches
- We strive to keep all server software on the latest version; however, when that is not possible, we do ensure that the latest security patches are installed and up to date.
- We run the latest version of Ruby on Rails 3.2, and we apply the latest security patches as they come out.
Capshare is written to protect against SQL injection attacks
Capshare is built on the Ruby on Rails platform and uses all the built-in protections for sanitizing query parameters in SQL statements.
Data is stored securely
Data is hosted on Amazon EC2 and Amazon RDS with encryption enabled.
Access to Capshare is secure
All access to Capshare is over a secure (SSL encrypted) connection.
Access is logged
All activity on a company is logged and is available in the “Audit Log” maintained for each company in the system.
All employees are required to sign a confidentiality agreement. Each employee is given a separate login to the system and all page requests are logged and backed up.
Backups are stored offsite and are encrypted. Capshare performs daily, weekly, and monthly backups of the entire system. These backups are made to Amazon S3 which stores data in multiple facilities and on multiple devices within each facility. Amazon S3 performs regular, systematic data integrity checks.
PII and Cookies
Cookies are required for normal operation of Capshare; however, no PII is stored in any of the cookies that Capshare uses.