Since our business deals with not just restaurant customer feedback, but also feedback for medical clinics, dentist offices, banks, and other businesses where highly sensitive information could be transferred, we've taken steps to increase security measures beyond our already paranoid security measures.
This article outlines most of what we have in place. Some are new and some have been in place for years. We aren't outlining all of our security measures for operational security purposes.
Our entire website is protected by SSL/TLS (even this blog). Our certificate uses an RSA key with a 2048-bit key size. RSA is an asymmetric (public-key) encryption system whose security rests on the difficulty of factoring extremely large numbers that are the product of two large primes. What does that mean? It's strong.
We also encrypt our entire database. So if a hacker ever obtained access to the database, all the data is encrypted with the industry standard AES-256 encryption algorithm. AES became effective as a federal government standard in 2002. AES is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information.
You are the only one who knows your password. We don't even know your password. Due to our secure storage measures, passwords cannot be retrieved on our end. If you forget your password, you can always request a reset. We'll never ask you for your password.
Request Forgery Protection
The cookie that identifies you is set with the Secure flag, which means that if you ever ended up on the non-secure (http) version of our site (which should not happen, since we automatically redirect you to the secure version), your browser won't send your authentication cookie. It's the power of browsers and our website working together to protect you :)
When your browser requests pages and other assets from our servers, we send 4 special response headers that tell your browser the security measures we expect it to take.
This causes the browser to trigger special security protections that are built into the browser. Websites that don't send these headers are treated in a less secure manner, which can lead to multiple vulnerabilities.
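To make the cookie flag and the response headers concrete, here is an added example (not this site's code) that builds the session cookie with Secure, HttpOnly and SameSite attributes, attaches four hardening headers, and mimics the browser's Secure rule. The page does not name its four headers; the set below (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Content-Security-Policy) and the cookie name `session` are assumptions for illustration.

```python
from http.cookies import SimpleCookie
from typing import Dict, List

# Added example (not the site's code). Which four headers the site sends is not
# stated on the page; these four are an assumption for this illustration.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",  # always use https
    "X-Content-Type-Options": "nosniff",          # don't guess content types
    "X-Frame-Options": "DENY",                    # don't allow framing (clickjacking)
    "Content-Security-Policy": "default-src 'self'",  # only load our own resources
}


def build_session_cookie(session_id: str) -> str:
    """Return the Set-Cookie header value for the authentication cookie."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["secure"] = True      # browser sends it over https only
    jar["session"]["httponly"] = True    # page scripts cannot read it
    jar["session"]["samesite"] = "Lax"   # not attached to cross-site form posts
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()


def hardened_response_headers(session_id: str) -> Dict[str, str]:
    """Headers a response carries: the hardening set plus the session cookie."""
    headers = dict(SECURITY_HEADERS)
    headers["Set-Cookie"] = build_session_cookie(session_id)
    return headers


def browser_would_send_cookie(set_cookie: str, request_url: str) -> bool:
    """Mimic the browser rule the post describes: a cookie marked Secure is
    attached to https requests only; a cookie without the flag goes anywhere."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    morsel = jar["session"]
    if morsel["secure"] and not request_url.startswith("https://"):
        return False
    return True


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return the hardening headers a response lacks (empty list means all present)."""
    present = {name.lower() for name in headers}
    return [name for name in SECURITY_HEADERS if name.lower() not in present]


if __name__ == "__main__":
    response = hardened_response_headers("abc123")
    for name, value in response.items():
        print(f"{name}: {value}")
    print(browser_would_send_cookie(response["Set-Cookie"], "https://example.com/"))  # True
    print(browser_would_send_cookie(response["Set-Cookie"], "http://example.com/"))   # False
    print(audit_headers({"Content-Type": "text/html"}))  # all four missing
```

The audit function is the check a practitioner wants: run it over the headers of a live response and an empty list means every expected header is present, while the cookie simulation shows why a plain-http page never receives the session cookie.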
We perform regular security scans (we won't provide details, that's part of our security protocol), but here's a recent grade from one of our scans:
You can feel safe working with us. We'll always work hard to never lose your trust!