At Ad Reform we take the protection of customer data extremely seriously. This policy describes the organizational and technical measures Ad Reform implements platform wide designed to prevent unauthorized access, use, alteration or disclosure of customer data. The Ad Reform services operate on Amazon Web Services (“AWS”); this policy describes activities of Ad Reform within its instance on AWS unless otherwise specified.
Incident Response Plan
We have implemented a formal procedure for security events and have educated all our staff on our policies.
When security events are detected they are escalated to our emergency alias, teams are paged, notified and assembled to rapidly address the event.
After a security event is fixed we write up a post-mortem analysis.
The analysis is reviewed, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.
Ad Reform will promptly notify you in writing upon verification of a security breach of the Ad Reform services that affects your data. Notification will describe the breach and the status of Ad Reform's investigation.
Build Process Automation
We have functioning, frequently used automation in place so that we can safely and reliably roll out changes to both our application and operating platform within minutes.
We typically deploy code many times every day, so we have high confidence that we can get a security fix out quickly when required.
Infrastructure
All of our services run in the cloud. Ad Reform does not run our own routers, load balancers, DNS servers, or physical servers.
All of our services and data are hosted in AWS facilities and protected by AWS security.
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
Data
Ad Reform services and data are hosted in Amazon Web Services (AWS) facilities in the USA
Customer data is stored in multi-tenant datastores. Ad Reform implements logical separation to ensure data privacy and to prevent unauthorized access to customer data.
Ad Reform engages certain sub-processors to process customer data. These sub-processors are listed in our Privacy Policy.
Data Transfer
All data sent to or from Ad Reform is encrypted in transit using 256-bit encryption.
Our API and application endpoints are TLS/SSL only.
Authentication
Ad Reform is served 100% over HTTPS encrypted connections.
User passwords are encrypted via the
bcrypt
password hashing algorithm. Passwords are never stored in the database in plaintext and are therefore not accessible by staff.We have two-factor authentication (2FA) and strong password policies on GitHub, Google, and AWS to ensure access to cloud services are protected.
Payment Processing
We do not store or process any payment data. All payments made to Ad Reform go through our payment partner, Stripe. Details about their security setup and PCI compliance can be found at their security page.
Customer Responsibilities
Managing your own user accounts and roles from within the Ad Reform services.
Protecting your own account and user credentials by using two-factor authentication for all of your employees accessing the Intercom services.
Compliance with the Ad Reform Terms of Service
Promptly notifying Ad Reform if a user credential has been compromised or if you suspect possible suspicious activities that could negatively impact security of the Ad Reform services or your account.
You may not perform any security penetration tests or security assessment activities without the express advance written consent of Ad Reform.