Chattermill Security
Introduction
Chattermill is, at the heart of it, a data company. Protecting the data our customers have entrusted us with has been our primary concern from day one. While it is not good practice to provide a detailed overview of the specific security measures taken, we believe it is important for our customers to be aware of some of the general steps we take to protect their data. If you have specific security concerns, please reach out to security@chattermill.com.
This document is intended to complement our Terms, Privacy Policy and Vulnerability Disclosure Policy.
Data Centre Security
- All Chattermill servers and data are hosted on infrastructure provided by leading cloud companies, including Amazon Web Services and Google Cloud Platform.
- We therefore benefit from the significant investment these companies have made in security.
- All data is always stored exclusively within the EU.
- We have multiple levels of backup processes to minimise data loss in case of an attack or system failure.
- All backups are encrypted and stored in secure cloud locations within the EU.
- All traffic to and from our data servers is conducted over HTTPS and is thus encrypted.
Application Level Security
- Chattermill account passwords are hashed. Our own staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
- All login pages (from our website and mobile website) pass data via TLS.
- The entire Chattermill application is encrypted with TLS.
- We utilise Auth0 for login and session management functionality and thus benefit from their extensive security measures.
- We perform regular security penetration tests, using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
- Where possible, we minimise the amount of personally identifiable data we collect about our customers’ users. The Chattermill system can function fully without any personally identifiable data being passed to us; however, some companies may prefer to do so anyway.
- Where possible, we rely on well-established open source software to avoid any potential for malware.
Internal IT Security
- The Chattermill office is secured by keycard access.
- We mandate the use of secure passwords across all third-party software in use by the Chattermill team. Additionally, where offered, we employ 2-factor authentication.
- We perform security audits on any third-party software in use by the Chattermill team.
- We mandate full disk encryption and the latest versions of anti-virus and firewall software on every computer used by the Chattermill team to access client data.
- We protect every computer in use within Chattermill with a secure password and additional security measures where possible.
- Every employee undergoes security training to understand the importance of protecting customer data.