Security Policy

We understand the importance of keeping your data private and strive to do our very best in keeping your data secure and confidential.

If you would like more information on our other policies, we have Terms of Service and a Privacy Policy, additionally please contact us at [email protected].

Hosting

Void is primary hosted on Heroku and our user data is stored in Heroku Postgres. We make use of some additional Amazon Web Services products for data processing. You may review Heroku’s Security Policy for further information, needless to say it’s pretty state of the art, they are also PCI Level 1 compliant.

Our infrastructure is secured by a limited number of engineers who use two factor authentication.

All of our web traffic is encrypted with TLS using state of the art RSA 2048 bit keys, provided by Cloudflare and rated “A+” by Qualys SSL Labs (as of April 2018).

Software choices

Void has been developed by experienced engineers and has been build on top of quality open source software. The core Void application is built using Ruby on Rails 5 and follows industry best practises. The client side applications for Void are built using Vue.js and React Native.

We monitor our codebase for CVE’s automatically as part of our continuous deployment process and apply security patches as soon as we are made aware. We also monitor for application errors in realtime and all issues are immediately escalated to our engineering team.

Backup policy

Void’s data is backed up to multiple regions within the AWS system to prevent a single point of failure leading to data loss. Backups are stored for 30 days and then permanently deleted.