1. General Practices
- All access to servers, databases, containers, and source code is secured with strong passwords and 2FA authorization.
- API keys are generated using a unique, non-recoverable hashing algorithm.
- We provide cryptographic signatures of all API responses, and we support nonces on certain requests, all to help combat
2. Infrastructure
- All of our infrastructure is hosted by OVH on dedicated servers with hardware-level encrypted storage.
- Our main servers are located in Canada; we also keep encrypted backups of data in other locations.
- S3 and CDN services are provided by StackPath, SSL certificates by RapidSSL.
- Our infrastructure provides DDoS mitigation for layer 3, 4 and 7 attacks, as well as connection rate limiting.
- Our servers are managed by our server team, with the Bobcares service for emergency recovery.
3. Authentication
- All passwords are securely hashed using Argon2.
- API access tokens are hashed using SHA256 with salts. We never store API access tokens as plain text.
4. Encryption
- All communications between users and servers are encrypted with the TLS 1.2 protocol.
- We use 256-bit encryption at all levels of our systems. We enforce TLS (HTTPS) to protect sensitive data transmitted to and from applications, i.e. data in transit.
- User data is stored in our MySQL servers.
5. Payments
- Credit card and bank information is encrypted, stored, and processed by Paddle; we do not store any credit card or bank information for your payments.
- All communication with Paddle is handled over an encrypted TLS connection.
6. Monitoring
- We are aggressive about monitoring for application errors and crashes, and resolving them as quickly as possible. We strive to provide 99.9% uptime, and do offer a custom SLA plan for enterprise customers.
- We use UptimeRobot to check uptime for our internal and external services.
- When a server crashes on non-working days, Bobcares will