The safety of your business relies on the tools that you use. Elevation goes the extra mile to make sure our Service is secure, reliable and worth your trust.
Elevation is hosted in secure-by-design Amazon Web Services facilities that continually manage risk and undergo recurring assessments to ensure compliance with industry standards. This includes independent policies for physical access, monitoring & logging, surveillance & detection, device management, operational support systems, infrastructure maintenance, and governance & risk. For more information on the AWS physical security processes, click here.
Elevation’s system installation is using a hardened, patched OS with dedicated IAM user keys to access and password to limit access and protect against attacks. We also employ industry-leading solutions to mitigate DDoS attacks.
All private data to and from Elevation is transmitted over SSL. All communication with the repository is done over SSH authenticated with keys.
Users can optional add a credit card to their profile, we’ll ask for the details of a user’s credit card including: card number, expiration date, security code, and zip code. We do not store this information on our servers: we are using Stripe, an external provider used by companies like Lyft, Kickstarter, instacart and Pinterest. All servers are PCI Compliant and monitored by Stripe security and auditing departments.
Passwords in Elevation are salted and hashed by one-direction encryption scripts. Passwords and access keys used in delivery actions (FTP details, SSH, Amazon Access Keys, etc.) are salted and encrypted with two-direction encryption scripts and kept in this form in production servers.
Our employees have access to user data which is only viewed when required for support reasons, data migration, or Tier 1 support. On rare occasions, we may need to clone a copy of the production database to approved company machines. All cloned databases dumped into approved company local machines are deleted as soon as the support issue has been resolved.
The employee policy applies to all type of private data stored in Elevation, such as server authentication details, authentication data with third-party integrations, or personal user information. All data is stored in encrypted form and can only be accessed by our team for development, security or maintenance, or for support reasons.
All Elevation personnel is trained towards security compliance and subject to privacy agreements. New employees follow a structured onboarding process to get familiar with tools, processes, systems, policies, and procedures. Compliance audits are performed so that employees understand and follow the established policies.
System maintenance is scheduled for every Sunday at 10:00pm (MST) and takes up to 60 minutes unless stated otherwise stated via in-app or email to onsite staff, and user population. In case of large updates or Tier 1 classified support ticket, client will be notified in advance via email within 48 hours.
All data is backed up in real-time to AWS infrastructure daily. Elevation IT employees are the only ones with access to backed-up data and infrastructure for support reasons.
Elevation has a 99.99% uptime of our servers every given month, excluding scheduled weekly maintenance and/or updates.In case of a Tier 1 support issue, which includes: Outages or Data breach we will communicate with onsite staff as well as with client via email within 48 hours.
In case you’ve found a security vulnerability, please see our Responsible Disclosure Policy.
If you have any questions regarding the safety and security of our Service, drop a word to [email protected] and we'll get back in a snap.