Personnel practices
All Saberr's employees and partners follow a security policy to keep everybody's data secure.
- We use two-factor authentication to log in to important systems like databases and communication platforms.
- We encrypt the hard drives of our computers, so that data is safe even if a computer is lost.
- We keep our computers up to date with the latest security updates.
- We use role-based access controls to limit our access to the minimum needed to do our jobs.
- We use password managers so that all of our passwords are strong and different for each site.
Databases
- Your data is encrypted at rest in our databases.
- Our systems interoperate inside a Virtual Private Cloud, and your data is always encrypted "in flight" outside of that.
- All of our apps and APIs use HTTPS, and if you try to use insecure HTTP you'll be automatically redirected.
- We use various methods to protect data against brute-force attacks.
- We keep rolling backups of databases, to prevent permanent data loss.
In our apps
- Base enforces strong passwords for users, whilst CoachBot is passwordless and you log in by getting an email.
- Users are assigned permissions that control who can see and change which data.
Writing code and preventing errors
- We use and review logs to identify and fix code bugs.
- When we write new code, we review each other's code to check and improve it.
- We include tests for each bit of code to make sure it continues to work as expected in the future, even with unexpected or adversarial inputs.