Security Policy
Last updated:
Because Chaaat is a hosted Software-as-a-service product, we recognise that security is crucial. This page outlines our security and backup policies.
Chaaat Does Not Store Credit Card Information
Our system integrates with Stripe, which is a PCI compliant payment processor. When entering credit card information, a request is made directly to Stripe using SSL.
Access To All Chaaat’s Servers Is Secure
- Firewalls on all servers are set to default-deny.
- Database connections are only accepted from other Chaaat servers on the internal private subnet.
- All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH) and password authentication is disabled. SSH authentication is available only via public/private key authentication.
- All of Chaaat’s servers are hosted on Amazon Web Services (AWS)
Chaaat Servers And Software Are Running The Latest Versions Of Software And Security Patches
We strive to keep all server software on the latest version; however, when that is not possible, we do ensure that the latest security patches are installed and up-to-date
Chaaat Is Written To Protect Aganist Sql Injection Attacks
Chaaat is built on the NodeJS platform and uses all the built-in protections for sanitising query parameters in SQL statements.
Data Is Stored Securely
Data is hosted on Amazon EC2 and Amazon RDS with encryption enabled.
Avaibility
Chaaat runs two hot-hot server instances side by side with AWS meaning in the highly unlikely scenario there is a server outage, the back-up server is automatically enabled and there is no noticeable loss of service to any user of our applications. Each of AWS' server instances operate at a best-in-class “5 nines” or 99.999% uptime and availability. More can be read here;
https://aws.amazon.com/blogs/publicsector/achieving-five-nines-cloud-justice-public-safety/
Access To Chaaat Is Secure
All access to Chaaat is over a secure (SSL encrypted) connection.
Access Is Logged
All activity on a company is logged and is available in the “Audit Log” maintained for each company in the system.
Employee Security
All employees are required to sign a confidentiality agreement. Each employee is given a separate login to the system and all page requests are logged and backed up. Access to any identifiable information related to projects, contacts and deals is only available on the principle of least privilege and not available outside of the engineering team under any circumstances.
Backup Policy
Backups are stored offsite and are encrypted. Chaaat performs daily, weekly, and monthly backups of the entire system. These backups are made to Amazon S3 which stores data in multiple facilities and on multiple devices within each facility. Amazon S3 performs regular, systematic data integrity checks.
Pii And Cookies
Information about what we collect is outlined in our privacy policy at: https://www.chaaat.io/privacy-policy
Cookies are required for normal operation of Chaaat however, no PII is stored in any of the cookies that Chaaat uses.
For more information, you can reach our Privacy Officer / Data Protector Officer on privacy@yourpave.com
and Boost Sales with Our Dynamic Chat Automation Platform.
Registered Address:
Unit 1603, 16/F, The L Plaza,
367-375 Queen’s Road
Central, Sheung Wan 999077
Office Address:
Podium G/F-3/F,
Universal Building, 5-13 New Street,
Sheung Wan, Hong Kong
WhatsApp Chat link Generator
WhatsApp Chat Widget Generator
C
Registered Address:
Unit 1603, 16/F, The L Plaza,
367-375 Queen’s Road
Central, Sheung Wan 999077
Office Address:
Podium G/F-3/F,
Universal Building, 5-13 New streeet,
Sheung Wan, Hong Kong
© 2024, Chaaat.io
