Security of your data is our top priority. We strive to maintain industry-leading security and privacy practices. If you have any specific concerns beyond the scope of this page, please contact us at firstname.lastname@example.org.
Meeting Info's infrastructure is provided by Amazon Web Services, which is certified for compliance with ISO 27001, ISO 27017, ISO 27018, PCI DSS, as well as audited against the AICPA SOC 2 and AICPA SOC 3 standards. Read the details.
Encryption at rest. All data is encrypted with AES-256 before it is written to disk.
HTTPS. All data you exchange with our app is transmitted over SSL. Data we collect from 3rd-party services on your behalf is also fetched over SSL. If you have any concern about how we connect to a specific data source, please contact us.
Penetration Testing. The Meeting Info platform undergoes regularly scheduled black-box penetration testing, at both the application and infrastructure levels.
Automated Security Scans. We use automated scanning tools to continually scan our application and infrastructure for vulnerabilities. We utilize source-code level scanners to identify vulnerabilities in any dependencies.
Limit processing to Metadata. We don’t listen to your meetings! Wherever possible, we only process metadata about your meetings – not the content of the meetings themselves. Thus if our systems were ever compromised, you don't have anything to worry about – as we don’t have a copy of your meetings.
Single sign-on with G Suite or Azure Active Directory. We rely on integrations with third-party corporate user directories to authenticate your employees, rather than giving them a Meeting Info-specific password. This means any user you de-provision from your organization’s directory will lose access to your Meeting Info account, without any additional work on your part. And we never see a password that they may have re-used in another tool.
OAuth 2. Wherever possible, we use OAuth 2.0 to access data from your integrations – it’s a widely accepted standard flow for securely authorizing third parties such as Meeting Info to access your data in other SaaS tools. Generally, this means that you may revoke our access to your data from those tools at any time.
We don’t store sensitive payment information. We use Braintree, a certified PCI Level 1 Service Provider, to process payments you make through Meeting Info. We don’t retain any customer payment information.
Multi-Factor Authentication. Access to our production infrastructure is tightly restricted to senior personnel, who must have strong passwords and utilize Multi-Factor Authentication.
Platform-as-a-Service Architecture. Our application is architected to run on top of platform-as-a-service infrastructure. We deploy our application as a small bundle of source code and configuration files into sandboxed web servers that are distributed across standardized, hardened virtual machines. The web servers and virtual machines are maintained and operated by Amazon. This greatly limits potential intrusion points. You aren’t depending on us to keep components such as kernels, web servers, packages, etc. up to date with the latest security patches – you’re trusting Amazon.
Separation of Responsibilities. All source code that processes your data is subject to peer-review, requiring sign-off from a second engineer before it can be deployed into our production environment. We operate distinct production, staging, and development stacks of infrastructure, to enable robust testing of our application before it touches your data.
Security Audits. We perform annual internal audits for compliance with our security policies and procedures. These audits drive continuous improvement in our practices.
If you require any additional information on our security practices, please contact us at email@example.com. We can provide Private Cloud deployments that may meet your needs, and we can provide detailed documentation of our security practices and compliance under NDA.