We take security seriously
Following industry best practices, we've taken certain measures to ensure the safety and reliability not only of our platform, but infrastructure, network, and application level too. Our use of advanced technologies safeguards secure traffic and data storage to protect your personal information from falling into the wrong hands.
How we ensure reliability & product security
- Enforcing password complexity standards, ensuring credentials are encrypted when stored in the database.
- Leveraging world-class authentication functionality through OAuth 2.0 protocol.
- Monitoring all incoming traffic and automatically blocking any malicious activity.
- Average uptime of 99,9%. Any system-related issues are reported and updated on our status page.
- We utilize Google's global network, ensuring the fastest and most stable infrastructure for our platform.
Our network and application security measures
- Using 256-bit encryption and utilizing SSL/TLS to ensure data cannot be read by third parties.
- Built with disaster recovery in mind, all our infrastructure runs in at least 2 instances. Automatic disaster recovery ensures that a new instance is initialized when one of the instances crashes.
- All services and data are hosted in Google Cloud Platform (GCP) facilities (eu-west1) in Europe.
- Our infrastructure is within our own Virtual Private Cloud (VPC) that prevents unauthorized requests to our data or servers.
- Database backups every 2 hours are retained for up to 12 months.
- Detailed security audits are performed quarterly by an external specialized company on our application and infrastructure.
- Executing thorough PEN tests including assessment of OWASP10 vulnerabilities.
The security measures we take
- Incidents protocol includes escalation procedures and post-mortems.
- Only working with trusted partners that have ISO, SOC2, and PCI compliance.
- No elevated permissions are given by Rodeo offices to avoid social engineering.
- Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies for all our internal systems and applications.