Say hello View the video
Menu

Ads and Insights From Social Interest Data

Security at 140 Proof

Reporting security problems

We appreciate your concern. Send urgent or sensitive reports directly to security@140proof.com.  Use our PGP public key  to keep your message safe and please provide us with a secure way to respond. We’ll get back to you as soon as we can, usually within 24 hours. Please follow up or ping us on Twitter  if you don’t hear back. For requests that aren’t urgent or sensitive: please email hello@140proof.com.

Tracking and disclosing security issues.

We work with security researchers to keep up with the state-of-the-art in web security. Have you discovered a web security flaw that might impact us? Please let us know. If you submit a report, here’s what will happen:

  • We’ll acknowledge your report & tell you the best way to track the status of your issue.
  • We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until our investigation is finished, but we’ll work with you to ensure we fully understand the issue.
  • Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.

We ask for your patience while we also make sure other companies and their customers are protected. Either way, you’ll always have a 140 Proof contact for your issue.

Data Center Security

140 Proof’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Privacy

140 Proof has a published privacy policy that clearly defines what data is collected and how it is used. 140 Proof is committed to customer privacy and integrity.

We takes steps to protect the privacy of our customers and protect data stored within the platform. Some of the protections inherent to 140 Proof’s services include authentication, access controls, data transport encryption, HTTPS support for sensitive APIs, and the ability for customers to encrypt stored reports.

For additional information see: 140 Proof Privacy

Physical Security

140 Proof utilizes ISO 27001 and FISMA certified data centers managed by Amazon.

Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

For additional information, see: aws.amazon.com/security