Security.
Security at Probe DEV
Probe DEV prides itself on placing a priority on security so that we can safely deliver results fast that are enjoyable to our customers. We have enacted several types of security procedures around our product, the making of it, and how we handle data that is produced. Our systems have facilitated over half a billion conversions for our customers while maintaining over 99% uptime, and we want to ensure that our customers and their customers feel safe and secure when using our service.
Contacting Probe DEV About Security
We ask that all security concerns, questions, and comments be directed to us by email ticket. Tickets categorized as security-related are triaged and remediated in an expedient manner. Our security team will be notified of the ticket and may respond directly to the person who contacted us.
Security Architecture
All Probe DEV systems are built with a defense-first approach, assuming that an attack can happen at any time. While our process ideally prevents attacks, we also work to mitigate the damage of an attack by separating systems from each other. Systems only contain the software for a single application (so-called "single-use systems") and never share the same system for different types of software.
Our systems are stateless and short-lived. All data on a system is intended to be sent to another system, and the system itself is not intended to be in operation for more than a week at a time (see Release Management for more detail). Our systems are also immutable, ensuring that neither the system configuration nor the software installed on it is changed after the system has been put into operation. This ensures that we can quickly monitor system events for security incidents.
Network Protection
All Probe DEV servers are hosted inside a private virtual network within Amazon Web Services, which ensures communication between Probe DEV servers remains encrypted and separated from public Internet traffic. Communication between servers over external (or public) networks is always encrypted with industry-standard SSL.
Servers are only allowed to accept network communications on approved ports. All servers utilize a firewall to limit what incoming and outgoing connections they accept. Our servers have a "default deny" policy in place for any network communications.
Where possible, two-factor authentication and strong passwords are enforced when system or console access is required. This policy ensures that access to such systems is increasingly difficult to attack.
Logging and Monitoring
All systems write log data to a centralized logging storage system that utilizes a write-only policy. Log data cannot be altered or deleted in the log system. This log data is available for 1 year as per PCI compliance policies.
All systems generate events to a third-party service in a write-only event stream. This ensures that our applications and servers can be monitored without accessing systems, and ensures that our event data cannot be tampered with.
Data Resource Isolation
Probe DEV is a multi-tenant platform, where customer data is logically separated by a unique identifier and access control is strongly enforced at the application level. Permissions follow a least privilege process where explicit access to resources must be granted.
Since Probe DEV uses AWS for its infrastructure, each server is by default denied access to all other AWS resources unless explicitly approved. One environment cannot read from another environment. This is made available through extensive use of IAM policies with whitelisted permissions.
Service Providers
Probe DEV hosts all application services on Amazon Web Services (AWS). In addition, a Level 1 PCI-DSS compliant payment processor is used for handling credit card payments. Full credit card data passes between the customer browser and the payment processor, and is never sent to or accessible by Probe DEV.
Log data, which may contain sensitive information but not payment information, is stored with a third-party, centralized append-only log storage company. Only approved employees have access to logging data, for troubleshooting or auditing purposes.
All service providers are expected to be PCI compliant before the tendering process completes and their services are put into use.
Compliance Concerns
Probe DEV maintains the following compliance for its service:
- PCI: Probe DEV is a PCI Level 4 Merchant and has successfully completed all SAQ A-EP requirements. We process your credit card with a third party payment processor, and neither store nor access your full credit card details. PCI compliance helps customers understand that there are policies and procedures in place to securely process credit card data in our systems. This includes over 100 controls to secure, monitor, and audit our systems to prevent unauthorized access and tampering.
Any compliance certification not listed here is assumed to not be present or in use at Probe DEV.
As the regulatory and legislative landscape over EU data privacy evolves, we will always work to ensure that our customers can continue to enjoy the benefits of our services wherever they operate.
Probe DEV actively monitors the legislative and regulatory efforts surrounding EU data privacy that are being ratified, and will comply with those controls as applicable and as required by law.
Data Access
Policies and procedures are enforced so that only authorized employees are allowed to access customer data and other non-public data maintained at Probe DEV. Authorization is granted on a case-by-case basis based on business need. Access is revoked immediately in the event that an employee no longer has a business need to access data or in the event of termination.
Data Security at Rest
In accordance with our information security policy, all data is classified into levels that dictate their encryption requirements. The most sensitive data is always encrypted at rest and access is limited to authorized users with a business need.
Data Security in Transit
Access to the Probe DEV app always uses industry-standard SSL to secure the connection between your browser and our services. At no time is payment card data submitted through insecure communication methods.
Inter-system communication is always encrypted. This applies to communication between internal systems (Probe DEV-managed) or external systems (Probe DEV communicating with other companies).
External Security Audits
We perform external penetration tests against our application to ensure that our security practices are providing a benefit to the security of our customers. The penetration tests are performed by an unbiased third-party security firm.
Any security audits, scans, or penetration tests that are not explicitly approved by Probe DEV are prohibited as part of our Acceptable Use Policy. This applies to all systems and services managed by Probe DEV. Persons running scans may be discoverable; in this case we will contact you directly and ask that you stop any further actions before pursuing legal options. This is because any unapproved scans may interfere with the service availability for other customers and may result in having the source IP address(es) banned to protect our systems.
Incident Management / Response
All systems fail. At Probe DEV, we pride ourselves on expecting this eventuality and ensuring that the impact of the failure is minimized. We value our incident response skills on the ability to act quickly to recover from failure.
While we maintain over 99% uptime for our services, failures do happen, so our customers are notified on http://status.probe.dev of any service disruptions.
Our employees follow incident response procedures carefully, and promote honest feedback sessions (post mortems) to learn why systems fail and how to prevent it from happening in the future.
Data Retention Policy
Customer data can only be deleted by the customer or at the customer's request. Data is removed from the system via a soft delete, a flag that renders the data invisible to the application, but otherwise retains the data in the database in the event it needs to be restored.
Data is also retained in backups as part of disaster recovery operations. If data is purged (hard deleted) from any system, it will remain in our backups for a short period of time (approximately 2 weeks).
Logs are kept for one year and may contain information that uniquely identifies customer data within our system. This log information is used for auditing and troubleshooting.
Bug Bounties and Other Programs
Probe DEV does not currently have a formal bug bounty for security researchers, nor does it participate in any other bounty programs. We are evaluating possible programs but, as of this writing, nothing is currently available and any situation is dealt with on a case-by-case basis. We would love to provide any security researcher with swag and other items as a token of our gratitude for helping to keep our systems and our customers safe.
For security-related inquiries, please contact us at security@probe.dev