We take security very seriously here at Tettra. We know our customers trust us with their team’s important data, and we use industry best practices to keep it secure.
Backups & Data Recovery
Encryption In Transit and At Rest
When using Tettra, all of your data is sent via HTTPS. That means your data (e.g. passwords) are encrypted so it can’t be intercepted by hackers. Both our primary database and all backups are encrypted. All communication across data centers is over SSL.
We strive to make Tettra a highly-available service that our customers can rely on. Tettra runs on infrastructure that has fault-tolerance and redundancy built in. If incidents do arise, we keep our customers informed and work hard to resolve them as quickly as possible. Our current and past availability information is available at http://status.tettra.co/.
Hosting & Service Providers
- Tettra is hosted on Heroku. You can learn more about Heroku’s security here: .
- We also use Amazon AWS (Amazon Web Services) to host our database and backups. You can learn more about Amazon’s security here: .
- Authentication is provided by Slack. You can learn more about Slack’s security overview here: .
- We use Algolia to power our full-text search feature: https://www.algolia.com/security.
Our credit card processor, Stripe, has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
Authentication to Tettra is handled via OAuth to Slack. You can on your Slack account for an added layer of security.
For accounts set up with email, we verify that email address belongs to you and store your password using the industry recommended hash function (bcrypt).
Access to Customer Data and Audit Policies
We have strict policies in place regarding Tettra employee access to data you store on Tettra. From time to time, certain employees may need to access customer data in order to diagnose and resolve issues. Whenever practical, we notify the customer and obtain written consent before doing so. We have granular audit logs in place to ensure that any access to customer data is logged.
All new product features and internal processes are peer-reviewed and evaluated for their security impact before they are released to production. We strive to continuously monitor and improve our security practices in response to industry changes and customer feedback.
Have Concerns? Want to learn more?
Send us a note at firstname.lastname@example.org. We’re happy to help in any way we can.