iReformat is a multi-tenant Cloud based Software as a Service application. We have been thinking about security from the outset of the development. We have a single database hosting the data for all the clients, each client will have a client id. This client id is associated with each row in the database. We have put a lot of testing to make sure that each client can only access their data at all times. Every query by default will have the client id.
Another important thing we have done to ensure that the data is secure is, other than safeguards to prevent access to the database, we have also encrypted all confidential client data, so that we do not get into issues like the recent attacks against some of the big companies like Home Depot, Target and a host of other companies. I cannot disclose all the details about our encryption strategy, but will share with anyone interested to know how we are doing it.
Other than the SSL and the safeguards for SQL Injection, XSS and XSRF, we have hardened the application for a host of other issues. We feel confident about the security we are providing for our clients data, and we want to keep up the good faith and trust placed by our clients by signing up for our service.
We also have the ability to lock out an user automatically, if they try to access any data that does not belong to their account, as well as try to breach the security. Once the user is locked out due to illegal activity, the Client Administrator cannot unlock that account, they have to call the iReformat Administrator and explain their activity before allowing access again.
We also do not store credit card and billing information on our site, since we are using the Chargify Subscription Billing service.
I just wanted to provide an overview of the security safeguards we have put in place for the clients data today.
Please reach out to me if you have any questions regarding any of our security practices or questions or concerns you may have.