Security

If you're reading this article, we are really happy because it means that you take security very seriously, like we do.

As we don't want to expose too much information about our practices, all of the below information is publicly available and does not affect our security techniques.

1. Data center security

  • Fitssey's servers are placed in multiple world-class data centers located in Europe. Only well trained administrators with secured login key (we don't use passwords) have access to the data.

  • We periodically run a series of tests for our services on the servers to make sure they are always up and running.

  • We store encrypted backups of the database and files every couple of hours.

  • We have implemented DDoS protection on all our servers.

2. Application level security

  • All provided passwords are hashed. Nobody can decode them, even we can't. If you forget your password it must be reset.

  • Our website, login forms and traffic from your browser to our servers is encrypted with a TLS protocol.

  • We run thousands of tests every week to make sure that there are no bugs or vulnerabilities inside the application.

3. PCI DSS Certificate

At Fitssey we hold payment security and data protection as our priority, this is why we are PCI DSS compliant. PCI DSS certificate (Payment Card Industry Data Security Standard) is a standard introduced by a global organization (PCI Security Standards Council) which maintains, evolves and promotes standards for the safety of cardholder data across the globe.

As required by the industry, all businesses involved in storage, processing or transmission of payment cards must follow a set of requirements for enhancing payment account data security.

What are the benefits of following the standardised PCI DSS procedures?

  • All processed data, such as sensitive payment card details are encrypted, securely transmitted and stored in line with security procedures and standards.

  • Servers are secure and constantly being monitored.

  • The risk of fraud and data breach is reduced to a minimum.

4. Employees

  • We continuously train our employees on best security practices, including how to identify social engineering, phishing scams and hackers.

  • Only highly trained administrators have access to customer data.

5. You

Although all of our securities, if your computer gets compromised and someone gets into your Fitssey account, it's not good news for any of us.

  • We monitor and will suspend accounts for signs of suspicious login activity or account behavior.

  • We review and may contact you about your account's anomalous activity.

  • We provide the possibility to set up roles to limit access to the application for your staff.

6. Reporting vulnerabilities

If you believe that you have found a security vulnerability in one of our services, please send it to [email protected] and include the following details with your report:

  • Description, and potential impact of the vulnerability.

  • A detailed description of the steps required to reproduce the vulnerability. If possible, please include screenshots, as they will help us identify the issues quicker.