Communications to our web services occur via HTTPS, to ensure privacy and confidentiality of your data. Secure from the beginning is our motto: that is why we only provide our website via HTTPS.
Session cookies are set the highest level of security (HttpOnly, Secure flag), protecting against CSRF/XSS attacks.
Regular audits, vulnerability and security scans are performed, to test our security defenses. We have security monitoring in place and use our own tooling Lynis Enterprise.
All downloads are available via HTTPS, ensuring you download comes from our systems. Additionally we provide a hash (fingerprint) of the download and a digital signature. The hash can be used to validate the integrity of the file. The digital signature validates that we are the ones who released it. We apply these signatures also to our software repository.
We are experts in system auditing. So we test our environment on a regular basis and apply security controls. This includes system hardening, software patch management, and log reviews.
Although we are interested in our customers, we avoid collecting personal information as much as possible. Only basic information is stored to process trial requests and orders. Payment details are processed by a PCI compliant 3rd party Stripe.
When data is no longer, we simply delete it. Hoarding is not our thing, especially not when it comes to sensitive data. We do however make backups. They are encrypted and stored in different undisclosed locations, both online and offline.
When you discover an issue with our site or products, we encourage you to use responsible disclosure. We respect your privacy, so you can report issues anonymously. Use email@example.com for reporting any security issues. If you want to use PGP signed communications, email our founder Michael Boelen.
Protect yourself: Don't break the law.
See our public security policy for more details about how we do security management.
We thank the following people for providing tips and suggestions to make our services more secure.