Security is managed two-fold; in part by the world class system-level security that Amazon provides, and secondly on the application level.
On the application level everything is scoped off to your subdomain (e.g. example.peoplegoal.com). It's a top-level application rule that no data can be modified from one subdomain to another, so there is no chance that anyone else can access your account. We have in-built security controls with the core application, too (such as role-based security, controller level security, etc.). We use the latest 4.1 version of Ruby on Rails that does sanitisation, encryption, cross-domain checks, etc.
Data is stored in our primary database, which is the latest version of PostgreSQL hosted on Amazon RDS. Data is archived (in the application) under your 'Business archive', and is accessible/restorable at any point in time. In terms of physical data backup/archive; these are run daily by our ops management team. We do not store, sell or otherwise use our customer data. We have no access to credit card information or passwords.
Our platform inherently protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and with the ability to rapidly deploy security updates without customer interaction or service interruption. The AWS cloud infrastructure has been designed to be one of the most flexible and secure cloud computing environments available today.
For more information on our privacy and terms & conditions visit: