Security
- Authentication and Encryption:
  - All users of the service are authenticated using an industry-standard mechanism which uses AES 256 hashing algorithms;
  - All transactional requests to retrieve, add, remove or change data within a sprint are validated using a secure token using AES 256 hashing algorithms, which prevents spoofing or unauthorized access;
  - The service requires strong passwords, and validates the strength of every password before it can be used.
- Data Transmission:
  - All data passed between the user’s web browser and the Sprintbase servers is encrypted using SSL (Secure Sockets Layer) and HTTPS (TLS 1.2 and AES 256);
  - All uploaded images and documents are scanned for viruses, and if any are found, the file is rejected;
  - The service implements best-practice anti-XSS (cross-site scripting) validation, ensuring that none of the input fields are vulnerable to script injections.
- Data Storage:
  - All documents and images uploaded to the service are retained in geographically redundant storage which is AES 256 encrypted at rest;
  - Each customer’s data is held in a dedicated area of storage with access restricted to authenticated and authorized users only.
- Database:
  - No user text is ever part of any database query. All data access happens through proven, industry-standard ORM (Object-Relational Mapping) model abstractions, which prevent the use of SQL injection techniques;
  - Access to the database is secured so that only connections from the service are valid and all connections are authenticated and encrypted. No external connections can be made to the database.

The security of your Personal Information is important to us, but please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.