Third Party Services

  • Pusher
    • Used for web sockets, real-time functionality
    • No dynamic script tag--client library is compiled at build time and version locked
    • Has no access to sensitive data in any form
  • Stripe
    • Used for billing, PCI compliant credit card storage
    • The document containing the external stripe.js JavaScript is loaded in a separate window with nodeIntegration: false, so it has no access to the main window and therefore no access to sensitive data in any form.
  • SendGrid
    • Used for email delivery
    • The only sensitive data sent are Sign In/Sign Up/Invite Tokens, which aren't involved in decryption--therefore it never has access to configuration data in plain text.
  • Airbrake
    • Used for error monitoring
    • No sensitive data is sent in any form--tokens and encrypted configuration data are stripped from error reports
  • LogDNA
    • Used for log aggregation
    • No sensitive data is sent in any form--tokens and encrypted configuration data are stripped from logs
  • AWS
    • Encrypted config is stored in a high-availability RDS database
    • Encrypted config is also backed up to S3 in the eu-west-1 region for redundancy
    • AWS never has access to config in plain text
  • GitHub
    • Used for source code hosting, collaboration
    • No sensitive data is stored in git or on GitHub
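
The Airbrake and LogDNA entries above both rely on stripping tokens and encrypted configuration data before anything leaves the process. The following is an added example of such a scrubber, not code from this project; the key names, the token shape and the sample report are assumptions constructed for illustration.

```javascript
// Added example: key names and the token shape are assumptions for illustration.
const SENSITIVE_KEYS = /token|encrypted|passphrase|authorization/i;
// Assumed token shape: any run of 32+ URL-safe characters embedded in a string.
const TOKEN_LIKE = /[A-Za-z0-9_-]{32,}/g;
const STRIPPED = "[STRIPPED]";

// Returns a deep copy of `value` that is safe to hand to a reporter or logger.
function scrub(value, ancestors = new WeakSet()) {
  if (typeof value === "string") return value.replace(TOKEN_LIKE, STRIPPED);
  if (value === null || typeof value !== "object") return value;
  if (ancestors.has(value)) return "[CIRCULAR]";
  // Error fields are non-enumerable; copy them out so message and stack
  // are scrubbed rather than silently dropped.
  const source = value instanceof Error
    ? { name: value.name, message: value.message, stack: value.stack }
    : value;
  ancestors.add(value);
  let out;
  if (Array.isArray(source)) {
    out = source.map((item) => scrub(item, ancestors));
  } else {
    out = {};
    for (const [key, item] of Object.entries(source)) {
      // Drop the whole value by key name, ciphertext included.
      out[key] = SENSITIVE_KEYS.test(key) ? STRIPPED : scrub(item, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Constructed sample report; none of these values are real.
const sampleReport = {
  error: new Error("invite failed for token=" + "a".repeat(40)),
  params: { email: "dev@example.com", inviteToken: "b".repeat(40) },
  context: { encryptedConfig: "constructed-ciphertext", appId: "app-123" },
};

console.log(JSON.stringify(scrub(sampleReport), null, 2));
```

Matching on key names removes a value even when it is already ciphertext, and the pattern pass catches tokens that end up interpolated into error messages or stack traces.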
