Our Policies, Terms, and Legal Stuff

The big picture and the fine print. We work hard to make our policies clear and fair but, well, lawyers.

Coetic Security Overview

Coetic manages information security using the ISO/IEC 27001:2013 framework, which specifies the requirements for establishing, implementing, maintaining and continually improving a comprehensive information security management system and risk management capabilities.

Data Center Security

Coetic’s Service runs on the Heroku/Amazon Web Services global infrastructure platform.

AWS publishes an “Overview of Security Processes” whitepaper that serves as the reference material for this section. SOC 2 reports are available directly from AWS upon request.

Compliance

AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Additionally AWS also has assurance programs that provide templates and control mappings to help customers establish the compliance of their environments running on AWS against 20+ standards, including the HIPAA, CESG (UK), and Singapore Multi-tier Cloud Security (MTCS) standards.

p. 6 – “Introduction to AWS Security – July 2015”

Physical Security

AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

p. 8 – “Amazon Web Services: Overview of Security Processes – August 2015”

Environmental Security

AWS data center environmental controls include:

  • Fire detection and suppression systems
  • Redundant power systems, backed by Uninterruptible Power Supply units and generators
  • Climate and temperature controls
  • Active system monitoring

p. 8 – “Amazon Web Services: Overview of Security Processes – August 2015”

Your data is sent using HTTPS.

Whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS. Project data, messages, emails, text documents and todos aren’t encrypted at rest — they are active in our database. Our backups of your data are encrypted using GPG.

We don’t store your billing information.

All credit card transactions are processed using Stripe’s secure encryption — the same level of encryption used by leading banks. For more information on Stripe’s privacy and information protection, please visit their Privacy and Terms page.

Want to know more?

Submit a support request if you have other security questions and we’ll get back to you.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please send us an email at [email protected].

Coetic

We energize organizations to be great places to do meaningful work together. Our Strategic HR ToolKits make strong people practices smooth and effective.

The Coetic® name is the exclusive trademark of STRAmetrics, LLC. All rights in this web site and our software are reserved. Copyright © 2017 STRAmetrics, LLC.
