Data Security & Privacy
At CHEQROOM, we are very aware of the Cyber and IT risks software entails. Therefore, taking the right security measures is incredibly important. Through penetration testing we make sure both our Cloud infrastructure and our applications are bulletproof and the data and privacy of our customers are protected by all means.
Through penetration testing, the implementations of our developers are validated on a security level before rolling them out on a production environment. As part of our secure software development life cycle, we perform multiple iterations of security tests for each major release enforcing confidentiality, integrity and availability.
Together with Cyrex, an international cyber security firm with a proven track record in the online gaming, financial and healthcare industry, we go the extra mile to create a safe digital haven for our partners.
Our application is built on a modern cloud infrastructure designed to ensure the safety of your data, and we’ve chosen proven third-party cloud providers like AWS, who have a consistently excellent track record.
Using AWS’ security by design implementations, we enforce the security maturity of our network infrastructure and its data in transit and at rest to safeguard our customers from hacking attempts.
The technologies we use not only respect security principles and offer a multi-layered security architecture (edge of network, VPC, load balancing, every instance and compute service, OS, application and code), they also enable us to track and trace in case of an incident. This gives our teams full transparency, enabling them to act in an efficient and adequate manner when issues arise.
Multi-tenancy means that a single instance of the software and its supporting infrastructure serves multiple customers. Each customer uses the software application and has a single database. Each tenant’s data is isolated and remains invisible to other tenants.
Multi-tenancy is considered a best practice within the application security field as it’s a crucial layer to minimize impact upon exploitation. All of our customers have a separate database, meaning your customer data is being segmented from other customers. In case of a breach, only one partner would be affected while your data remains untouched.
SAML Single Sign-on
SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
It improves the overall security of your company. You have full control over the password strength for your users. You can make strong and safe passwords mandatory. Besides that, you also have the option to enable multi-factor authentication (MFA) for Single Sign-On. This will reduce the chances of being hacked.
We enable permission levels within the app. When you invite team members or colleagues to your account, you can control who sees what by assigning them a user role.
We have an uptime of 99.9% or higher. You can check our past month stats at https://status.cheqroom.com/.
Network and Application Security
Data Hosting and Storage
CHEQROOM services and data are hosted in Amazon Web Services (AWS) facilities in the USA.
All data is stored in MongoDB databases. For sensitive fields (e.g. passwords) we store only their hashed values, so they are not clearly readable in the database.
Each account is isolated from other customers’ data in its own MongoDB database.
Billing-related information is not stored on CHEQROOM servers; instead, cardholder data is sent directly to our billing management service, Recurly, which is PCI-DSS Level 1 compliant.
All data storage at rest (permanent and temporary) is on encrypted Amazon EBS volumes. All data and associated keys are encrypted using the industry-standard AES-256 algorithm. The private keys remain in our European headquarters.
All data storage for backups is kept on Amazon S3 which takes care of durability, automatic encryption and SSL-only transfer.
System & Network Security
All servers are running a Linux distribution for which the security patches are applied on a regular basis.
All servers are hosted by Amazon Elastic Cloud Computing (EC2) and are spread across Regions and Availability Zones.
All servers are kept in Amazon Virtual Private Cloud (VPC) which isolates them logically from the rest of the Amazon Cloud.
All servers are protected by a firewall defined in Amazon Security Groups, which authorizes inbound and outbound traffic.
All inbound traffic for CHEQROOM Web Servers uses HTTPS with SSL encryption.
All access to Amazon Web Services (AWS) or its Management Console is protected with Multi-Factor Authentication.
Failover and DR
Data entered into CHEQROOM is backed up regularly. All backups are encrypted and stored at multiple offsite locations to ensure that they are available in the unlikely event that a restore is necessary.
Files uploaded to CHEQROOM as attachments are not backed up on the same schedule, and instead rely on Amazon S3’s internal redundancy mechanism.
All backups are immediately encrypted with 256-bit AES encryption using GNU Privacy Guard (“GPG”) with a password-protected symmetric cipher. Encrypted backups can only be decrypted by members of the CHEQROOM operations team who have received training and have been authorized to decrypt the backups.
All communication with the CHEQROOM Software (CHEQROOM API) is done over SSL which encrypts the data sent over the wire using signatures with a cryptographic hash algorithm (SHA-256 with RSA Encryption).
Incident Response Plan
Incident Response Team
The Incident Response Team is established to provide a quick, effective and orderly response to computer-related incidents such as virus infections, hacker attempts or break-ins, improper disclosure of confidential information to others, system service interruptions, breach of personal information and other events with serious information security implications.
The Incident Response Team’s mission is to prevent a serious loss of profits, public confidence or information assets by providing an immediate, effective and skillful response to any unexpected event involving computer information systems, networks or databases.
The Incident Response Team is authorized to take appropriate steps deemed necessary to contain, mitigate or resolve a computer security incident. The team is responsible for investigating suspected intrusion attempts or other security incidents in a timely, cost-effective manner and reporting findings to management and appropriate authorities if necessary.
The Incident Response Team will subscribe to various security industry services to stay up to date on relevant threats, vulnerabilities, or alerts from actual incidents.
Additional Security Features
CHEQROOM has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
All employee contracts include a confidentiality agreement.
All payments made to CHEQROOM go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.