Skip to main content
All CollectionsWorkspace & AdministrationSecurity & Compliance
How is security managed on Abyssale services?
How is security managed on Abyssale services?

Discover Abyssale's safety measures.. From team practices to infrastructure hardening, data security, and vulnerability reporting.

Guillaume Stigliani avatar
Written by Guillaume Stigliani
Updated over 10 months ago

Abyssale takes your security and the security of your website visitors very seriously. Our team implemented security best-practices at every level.

Security Practices In Our Team

Our whole team implements strict security practices regarding how they access their accounts:

  • Abyssale always refused to sell any data and our policy is to respect your data privacy.

  • Our business model is based on paid Abyssale subscriptions. Not on your data

  • Our SSH keys are all password-protected

  • All Abyssale features are designed around security and reliability

  • Every computer running Abyssale development tools is secured and up to date

  • All Abyssale employees, agents, and providers are trained in data-security practices each year

  • Security policies are yearly reviewed for all employees and relevant subcontractors

  • All Abyssale employee computers are encrypted

  • No Abyssale employee computers are not storing customer data

  • We don't have any servers, security keys in our offices, this way we make sure that

  • Abyssale, and your data is not at risk in case of an intrusion in our offices.

  • Abyssale uses encrypted backups so we are able to recover customer data in case of emergency


Infrastructure Hardening

Server hardening is also critical in ensuring the best security for our users.
​
​Here are some of our practices in terms of infrastructure management:

  • All the servers and services are running latest security updates and patched immediately when a kernel vulnerability is published

  • Generating servers are hosted in IE Ireland

  • Our architecture is replicated in micro-services, ensuring service continuity in case of hardware failure

  • Our network is protected with firewalls

  • Our system runs an automated monitoring system allowing us to be aware of issues before those affects our customers.

  • Technical staff get notification on the slack app (computer, mobile app), so we are notified of incidents immediately

  • Abyssale infrastructure was designed to continue running as normal even in case of server incidents

  • All Abyssale domains are protected

  • Server authentication use protected SSH keys and direct password authentication is not possible


Data Security

Abyssale implements the GDPR regulation, that aims at protecting user data and providing a right to modify and delete such data, as well as to consent to data collection.
​

Note : You can find our full GDPR-oriented privacy policy on our What's Abyssale EU GDPR compliance status? article (which applies to all our users, regardless of their location worldwide). This article lists the data we collect on our users, as well as their rights.


Vulnerability Disclosures

If you find any security hole in the Abyssale REST API (or any other system), you are more than welcome to report it directly to [email protected]

Did this answer your question?