Security Policy
Last updated: April 28, 2021
We understand the importance of keeping your data private and strive to do our very best in keeping your data secure and confidential.
If you would like more information on our other policies, we have Terms and Conditions and a Privacy Policy, additionally please contact us at support@happi.team.
Hosting
Happi is primarily hosted on Heroku and our data is stored in Heroku Postgres. We make use of some additional Amazon Web Services products for file storage and content delivery. You may review Heroku’s Security Policy for further information, needless to say it’s pretty state of the art, they are also PCI Level 1 compliant.
Our infrastructure is secured by a limited number of engineers who use two-factor authentication.
All of our web traffic is encrypted with TLS using state of the art RSA 2048 bit keys, provided by Lets Encrypt and rated “A+” by Qualys SSL Labs (as of March 2021).
Software choices
Happi has been developed by experienced engineers and has been built on top of quality open-source software. The core application is built using Ruby on Rails and follows industry best practises.
We monitor our codebase for CVE’s automatically as part of our continuous deployment process and apply security patches as soon as we are made aware. We also monitor for application errors in realtime and all issues are immediately escalated to our engineering team.
Backup policy
Happi’s data is backed up to multiple regions within the AWS system to prevent a single point of failure leading to data loss. Backups are stored for 30 days and then permanently deleted.