Security

Project.co is an important application for our customers daily business requirements. It’s therefore extremely important to us that we are providing a safe and secure environment that our customers can rely on. This page sets out all the different ways in which we operate to make sure we’re providing an uninterrupted, reliable service with security as a major focus.

Your data

All non-file data is stored via MongoDB Atlas using Amazon Web Services (AWS) infrastructure. We use server replication to ensure data is always available even if one or more servers were to fail. We use continuous backups to ensure our backups are typically just a few seconds behind the operational system. This means that if we need to use a backup all data is up to date and quickly recoverable.

Data transfer

All data is transferred using HTTPS SHA-256 with RSA Encryption. We ensure that all default account URL’s have a valid SSL Certificates using a wildcard certificate. We use Let’s Encrypt to automate SLL Certificate creation for all custom domains. This means that all Project.co accounts are secured by HTTPS. The result of this is that any data you send in or out of Proejct.co is encrypted via HTTPS.

Passwords

User passwords are one-way encrypted using an industry leading algorithm; this means we do not have access to or keep any record of the original password on our server. This means that even if our database was compromised your original password would remain secure.

File storage

File data is stored in AWS S3 and accessed via AWS CloudFront using https encrypted links.

Hosting & infrastructure

We use Amazon Web Services (AWS) London datacenter for our infrastructure. This includes the use of Elastic Compute Cloud (EC2) technology.

The infrastructure that AWS provides is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:

• SOC 1/ISAE 3402, SOC 2, SOC 3
• FISMA, DIACAP, and FedRAMP
• ISO 9001, ISO 27001, ISO 27017, ISO 27018

Read more about AWS Security here: https://aws.amazon.com/security/

Billing

Project.co does not store your card details or process payments. We process all payments through Chargebee who are a PCI-DSS Level 1 Service Provider. All payments are made on secure, encrypted pages.

Account security

We use 10 character case sensitive alphanumeric passwords for all accounts as default. We use a strong authentication/authorisation pattern including one-way encrypted passwords. User access to each account is role based with each role having a set of core permissions. This means each user has a specific access level to each account and can only access the data allowed by their access level.

Legal

In addition to the security information included above you can see our data policies here:
Terms Of Service
Privacy Policy
Cookies Policy
Data Processing Agreement
Subprocessors

How to learn about Project.co…