Security FAQs

How is data encrypted? Are records in the database encrypted?

All data in Fidu is encrypted during transit using industry-standard SSL and TLS encryption.

All data is encrypted at rest with AES-256 storage encryption.

Sensitive data, such as client details, form details, submissions, user accounts, and contracts, among others, has an additional level of encryption with unique encryption keys generated per Fidu customer. These keys are not stored on the same server as the data.


Do you have DDoS protection?

Our infrastructure includes DDoS protection provided by Cloudflare.


Where will our data be hosted?

Data is hosted with Amazon AWS via Heroku.  You can read more about Heroku’s security practices here.


What monitoring is in place? How do you monitor for service integrity and vulnerabilities?

Fidu’s internal and external services are continuously monitored for uptime and speed.  Upon any degradation or outage, appropriate team members are immediately notified via SMS, phone, and email.


How frequently are database backups performed?

Database backups are performed daily and retained for a minimum of 7 days.


Is production data used in test and development environments?

Production data is never used in test or development environments.

Production data access is highly controlled, restricted, and monitored.


Do you use cookies?  If so, what data is used?

We use cookies for authentication or for tracking specific workflows.  Cookies are encrypted, and never include personal information of any kind.


I found a security issue or vulnerability. How do I report it to you?

Please report to security@fidulegal.com.