We take the security and privacy of your data on andcards very seriously. We understand the importance of keeping your data secure, available, and private, and strive to keep it this way.
We use leading hosting and data processing infrastructure
Amazon Web Services (AWS) hosts all of our applications and static resources. They’re one of the top hosting providers in the world – used by companies like Netflix, Adobe, Snap, and Atlassian.
Only andcards engineers have access to AWS machines, via key-based SSH login. We update system software whenever updates are available.
We back-up database continuously to ensure your valuable data stays safe.
AWS is vigilant about your privacy. All data flowing across the AWS global network that interconnects our datacenters and regions is automatically encrypted at the physical layer before it leaves our secured facilities. Additional encryption layers exist as well; for example, all VPC cross-region peering traffic, and customer or service-to-service TLS connections.
We protect you against hacking and ensure product security
We use Amazon RDS encrypted database instance. All logs, backups, and snapshots are encrypted.
Web applications on subdomains, custom domains use a secure HTTPS connection with RSA 2048 bit keys.
Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs‘ tests.
Once yearly we engage third-party security experts to perform detailed penetration tests on the andcards application and infrastructure.
All employee contracts include a confidentiality agreement.
All payments made to andcards go through our partners. We do not store credit card details or other payment information on andcards servers.
We comply with relevant data processing laws
General Data Protection Regulation 2016/679 (GDPR) compliance.
Data Processing Agreement is available for all customers.
Data Protection Officer to ensure compliance.
Continuous monitoring of user and server activity with the aim of early detection of suspicious activity.