Security Policy

Updated: March 18th, 2019

Overview

Protecting our customer’s data is the most important thing our Engineers do at Perdoo. Due to the nature of the data we store, our users have extremely high expectations when it comes to protecting their data. We understand how important the responsibility of safeguarding this data is to our customers and work hard every day to maintain that trust.

We highly recommend you to also read our Terms & Conditions and Privacy Policy to learn more about our commitment to providing security services.
Security Team

We spend a lot of time finding the best people, especially when it comes to our engineers. Our team includes people who have built highly secure enterprise mobile & web applications at companies ranging from startups to large public companies.
Infrastructure

Perdoo does not run our own routers, load balancers, DNS servers, or physical servers.

Perdoo runs all of its services in the cloud. All of these are hosted on Heroku, which is built on Amazon Web Services (AWS). Both services maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website, AWS Compliance website and Heroku security policy.
Encryption

In Transit

Perdoo is served 100% over https. All data sent to or from Perdoo is encrypted in transit using 256 bit encryption, using SHA-256 with RSA Encryption and SHA-256 ECDSA as the key exchange mechanism. Our API and application endpoints are TLS/SSL only and score an “A” rating on SSL Labs’ tests. In addition, all connections from our application servers to our databases are TLS encrypted.

At Rest

All databases used by Perdoo are encrypted at rest, meaning that we also encrypt the database files on the hard disks themselves. Data encryption is deployed using industry standard encryption and best practices for the frameworks we use.

Credit card safety

As a paying Perdoo customer, we do not store any of your card information on our servers. We use Stripe and ChargeBee to handle this, both companies dedicated to storing your sensitive data on PCI-Compliant servers.

Employee access

We have two-factor authentication (2FA) and strong password policies for all services that our employees use. These include Slack, Intercom, AWS, Heroku, GitHub, Google. We also encrypt the hard drives on all the laptops used within Perdoo by our employees.

There is only one employee with access to the production databases: Our CTO. This is purely for Engineering purposes and access times are kept as low as possible.

Security Audits

Once a year we work with a well-regarded third-party auditor to check our systems for security vulnerabilities of any kind.

We use services like Papertrail and Rollbar to provide an audit trail over our infrastructure and the Perdoo application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.

Data

All customer data is stored in AWS data centres Ireland, so it never leaves Europe.

We store our customer data in multi-tenant databases. Generally speaking, we do not have individual databases for each customer, although we do offer this service to some of our enterprise clients. However strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing another customer’s data.

DESIGN YOUR OWN GOALS SYSTEM

Download a copy of Perdoo’s Goals System to have a closer look at what it takes to successfully use goals to realize your organization’s ambitions.

Included are:

A copy of Perdoo’s Goals System
The original source files (free for you to use to design your own Goals System)
A copy of our internal Wiki that explains our Goals System to our employees
A copy of our internal Wiki that shows how we use Perdoo in our monthly all-hands

UNLOCK YOUR TEAM’S POTENTIAL

Download our free eBook and learn what it takes to create a focused, goal-driven, and top-achieving workforce. The insights are based on 70 years of goal management theory and practical experience in helping hundreds of companies successfully manage their OKRs.

What you can expect:

Learn how to set goals like Google, Intel, Twitter & Co.
Keep your workforce motivated, focused, productive, and aligned
Get hands-on criteria and checklists for setting great OKRs

LEARN HOW!

Download our free guide and learn how to create awesome OKRs for Customer Service Teams.

The guide contains a quick introduction, a recap on the theory of OKR and practical examples of the kinds of Objectives and Key Results Customer Service Teams can use to achieve exceptional success.

What you’ll learn:

How OKRs for Customer Service Teams can improve performance
Common criteria for creating Customer Service OKRs
Common metrics used for Customer Service Key Results

LEARN HOW

Download our free guide and learn what it takes to create awesome OKRs for Sales Teams.

The guide contains a quick introduction, a recap of the theory of OKR and practical examples of the kinds of Objectives and Key Results Sales Teams can use to achieve exceptional success.

What you’ll learn:

How OKR can help you focus on winning more deals
Common Sales metrics for Key Results
Examples of Sales OKRs

LEARN HOW!

Download our free guide and learn what it takes to create awesome OKRs for Marketing Teams.

The guide contains a quick introduction, a recap of the theory of OKR and practical examples of the kinds of Objectives and Key Results Marketing Teams can use to achieve exceptional success.

What you’ll learn:

How OKR can take the pressure off and help you focus on marketing that delivers results
Common marketing metrics for Key Results
Examples of Marketing OKRs

Security Policy

Overview

Security Team

Infrastructure

Encryption

In Transit

At Rest

Credit card safety

Employee access

Security Audits

Data