Keeping your data secure

Here’s what we do at Freckle to keep your data safe and sound.

Redundant protection against data loss

We’re using state-of-the-art RAID 10 data storage and make hourly backups of Freckle’s databases as well as daily full images of Freckle’s servers. These backups are saved encrypted on storage services off-site, and are regularly tested for integrity. We keep hourly backups for several months and monthly backups long-term. We also store live copies of all our log files off-site. Sensitive data like passwords or credit card numbers are never logged.

Your credit card data is safe

While we do not store your billing information on our servers, we fully comply with the PCI DSS. Your credit card data is securely submitted to a leading, fully PCI-compliant payment gateway provider. Additionally, Freckle is regularly scanned for known vulnerabilities by a leading provider of PCI compliance certification.

Always-on secure connections

Freckle uses always-on secure SSL connections for all accounts. We use a 2048-bit key and score an A+ on the Qualsys SSL Labs test (as of 03/2014). We have Perfect Forward Secrecy and Strict Transport Security enabled on supported browsers. Our session and “remember me” cookies use the secure and HTTP only flags. We regularly review our SSL configuration and make appropriate updates in case new SSL vulnerabilities are discovered.

Up-to-date infrastructure and patches

We keep our infrastructure updated with scheduled security maintenance updates, as well as applying any patches that are recommended to be rolled out immediately. We have measures in place to only allow maintenance access to our servers on a case-by-case basis, and have our network locked down with firewalls. For added security, our support system, as well as our main site (http://letsfreckle.com) is not hosted by the same servers or in the same network as the Freckle application.

Physical security

We host Freckle with one of the leading professional hosting companies, Rackspace. Rackspace provides excellent, state-of-the-art physical security, including two-factor biometric authentication, role-based secure sub-areas, closed-circuit 24x7x365 video surveillance and physical perimeter defense measures. This is in addition to redundant systems for climate control, conditioned power, routing and internet connectivity.

Monitoring and fast response

We use redundant, world-wide monitoring services to monitor Freckle’s infrastructure 24x7x365. Any errors, slow-downs or other abnormalities trigger automatic alarms and we pro-actively work on fixing any issues detected. We also pro-actively run automated scans of our servers for security issues and PCI compliance, provided by trusted 3rd-party compliance services. Should we detect issues with your account, we will contact the account owner by email.

Your data is yours, always

We don’t share your time tracking data with anyone and if you decide to cancel your account, we make it easy for you to download all your data. Please see our privacy policy for more details.

Reporting incidents

Please send urgent and/or sensitive security reports directly to [email protected]. Use our public key to securely send sensitive data to us and let us know how we can securely contact you. For any other questions, please contact us via our support email address.

Questions?

Please mail to [email protected].