Security

If you're reading this article, we are really happy because it means that you take security very seriously, like we do.

As we don't want to expose too much information about our practices, all of the below information is publicly available and does not affect our security techniques.

1. Data center security

  • Fitssey's servers are placed in multiple world-class data centers located in Europe. Only well trained administrators with secured login key (we don't use passwords) have access to the data.

  • We periodically run a series of tests for our services on the servers to make sure they are always up and running.

  • We store encrypted backups of the database and files every couple of hours.

  • We have implemented DDoS protection on all our servers.

2. Application level security

  • All provided passwords are hashed. Nobody can decode them, even we can't. If you forget your password it must be reset.

  • Our website, login forms and traffic from your browser to our servers is encrypted with a TLS protocol.

  • We run thousands of tests every week to make sure that there are no bugs or vulnerabilities inside the application.

3. Employees

  • We continuously train our employees on best security practices, including how to identify social engineering, phishing scams and hackers.

  • Only highly trained administrators have access to sensitive data.

4. You

Although all of our securities, if your computer gets compromised and someone gets into your Fitssey account, it's not good news for any of us.

  • We monitor and will suspend accounts for signs of suspicious login activity or account behavior.

  • We review and may contact you about your account's anomalous activity.

  • We provide the possibility to set up roles to limit access to the application for your staff.

5. Reporting vulnerabilities

If you believe that you have found a security vulnerability in one of our services, please send it to [email protected] and include the following details with your report:

  • Description, and potential impact of the vulnerability.

  • A detailed description of the steps required to reproduce the vulnerability. If possible, please include screenshots, as they will help us identify the issues quicker.