Articles on: Account & Billing

How is security managed on Abyssale services?

Abyssale takes your security and the security of your website visitors very seriously. Our team implemented security best-practices at every level.

Security Practices In Our Team

Our whole team implements strict security practices regarding how they access their accounts:

Abyssale always refused to sell any data and our policy is to respect your data privacy. Our business model is based on paid Abyssale subscriptions. Not on your data
Our SSH keys are all password-protected
All Abyssale features are designed around security and reliability
Every computer running Abyssale development tools is secured and up to date
All Abyssale employees, agents, and providers are trained in data-security practices each year
Security policies are yearly reviewed for all employees and relevant subcontractors
All Abyssale employee computers are encrypted
No Abyssale employee computers are not storing customer data
We don't have any servers, security keys in our offices, this way we make sure that Abyssale, and your data is not at risk in case of an intrusion in our offices.
Abyssale uses encrypted backups so we are able to recover customer data in case of emergency

Infrastructure Hardening

Server hardening is also critical in ensuring the best security for our users.

Here are some of our practices in terms of infrastructure management:

All the servers and services are running latest security updates and patched immediately when a kernel vulnerability is published
Generating servers are hosted in IE Ireland
Our architecture is replicated in micro-services, ensuring service continuity in case of hardware failure
Our network is protected with firewalls
Our system runs an automated monitoring system allowing us to be aware of issues before those affects our customers.
Technical staff get notification on the slack app (computer, mobile app), so we are notified of incidents immediately
Abyssale infrastructure was designed to continue running as normal even in case of server incidents
All Abyssale domains are protected
Server authentication use protected SSH keys and direct password authentication is not possible

Data Security

Abyssale implements the GDPR regulation, that aims at protecting user data and providing a right to modify and delete such data, as well as to consent to data collection.

You can find our full GDPR-oriented privacy policy on our What's Abyssale EU GDPR compliance status? article (which applies to all our users, regardless of their location worldwide). This article lists the data we collect on our users, as well as their rights.

Vulnerability Disclosures

If you find any security hole in the Abyssale REST API (or any other system), you are more than welcome to report it directly to [email protected]

Updated on: 16/03/2022

Was this article helpful?

Share your feedback


Thank you!