Security at BotPenguin
Welcome to BotPenguin!
BotPenguin has agreements with third parties and has adopted other security measures in place to protect against the loss, misuse and/or unauthorized alteration of the information under our control or under the control of our service providers. Your personally identifiable information is protected by utilizing both online and offline security methods, including firewalls, passwords and restricted physical access to the places where your information is stored.
We host in world-class facilities.
All BotPenguin services and data are hosted in Amazon Web Services facilities in Frankfurt. Further details about the considerable measures Amazon take in securing their facilities and services can be found here:
We make daily backups of all user data.
As a safety measure, we make daily backups of all the data which are replicated to the other geographical location, so copies are stored at an off-site location for disaster recovery.
We encrypt your data in-transit.
All browser connections and communications are transmitted over SSL (TLS), ensuring data privacy and integrity.
We secure our networks.
All our environments are hosted in a Virtual Private Cloud (VPC) in Amazon Web Services. Our production networks are separated between public and internal services. No inbound internet traffic is allowed on the private subnets, and all application servers only reside in private subnets without public IP addresses.
We do not store payment details.
BotPenguin is not in the business of storing or processing payments. All payments made to BotPenguin goes through our partner, Stripe. All credit card data is encrypted by an SSL connection when transmitting to their PCI-Compliant network. Details about their security setup and PCI compliance can be found on Stripe's security page.
We use proactive security monitoring and auditing.
We collect application, infrastructure and systems logs in a centrally managed log repository for monitoring, troubleshooting, security reviews, and analysis by authorized personnel. Logs are preserved in accordance with regulatory requirements to assist in the case of a security incident.
We have external penetration tests performed regularly.
As part of our security strategy, we hire well-recognized security research firms to perform penetration tests on our platform. Vulnerabilities and findings are ranked and prioritized according to the severity.
This means we let security experts come in and try to break stuff, to help us find any weaknesses.
We never stop improving our product.
Stale software is boring. We update our software infrastructure on a regular basis to ensure the latest techniques and advances in technology are harnessed to keep your data secure, designs accessible, and your interest in BotPenguin.