As a company that takes data security and privacy very seriously, we recognize that ahoy!’s information security practices are important to you. We don’t like to expose too much detail around our practices, as it can empower the very people we are protecting ourselves against. However, we realize that information security is imperative and our customers need to know that we are employing a security program to protect their information. To this end, we have outlined at a high level the measures we take to protect our customers’ data.
ahoy!'s credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® Site Data Protection Program (SDP), and Discover Information Security and Compliance (DISC).
Data Center Security
- We leverage Amazon Web Services (AWS) to provide infrastructure services to host our environment.
- By using AWS, ahoy! is able to take advantage of their sophisticated security environment, logging, identity and intrusion protection systems and focus on our software and your data.
- AWS has a robust DDoS team constantly monitoring their data centers.
Protection from Data Loss, Corruption
- All databases are kept separate and dedicated to prevent corruption and overlap. We have multiple layers of logic that segregate user accounts from each other.
- Account data is mirrored and regularly backed up off site.
Application Level Security
- ahoy! account passwords are hashed. Our own staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
- All login pages pass data via TLS.
- The entire ahoy! application is encrypted with TLS.
- Logins have brute force protection.
- ahoy! encrypts with SSL, HTTPS, and TLS.
Internal IT Security, Protocol, and Education
- ahoy! offices are secured by keycard access, and they are monitored with cameras throughout.
- We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
- Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment.
- All of our employees with access to confidential information or customer data are required to read and acknowledge our security policy for securing the integrity, confidentiality, and availability of customer data and protecting customer data against any unauthorized or unlawful acquisition, access, use, disclosure, or destruction.
- In order to protect our company from a variety of different losses, ahoy! has established a comprehensive insurance program. Coverage includes, but is not limited to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.
- We conduct annual security awareness training and quarterly threat briefings to ensure our team is aware of the latest attack trends.
- We conduct annual background checks on all of our employees.
- Our security team is involved throughout our development and operations processes and cycles to ensure we bake security into the product and environment.
We want to ensure that we’re sending emails that people want to receive. Therefore, we have a dedicated team to ensure we’re on the cutting edge of compliance and delivery. If we see accounts with signs of suspicious activity, we take immediate action. While we work hard to keep spam out of our system, if you see any spam being delivered from our platform, please contact us at firstname.lastname@example.org.
- We monitor and suspend accounts for signs of irregular or suspicious login activity.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
- We provide the ability to establish tiered levels of access within accounts.
Investing in Your Privacy
- Our Legal team partners with our developers and engineers to make sure our products and features comply with applicable international spam and privacy laws.
- We retain a leading international law firm to advise us on EU privacy issues, practices, and policies.
- ahoy! is GDPR-ready.
If you’ve discovered a vulnerability in the ahoy! application, please don’t share it publicly. Instead, please submit a report to us via the process outlined below. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues. Every day, new security issues and attack vectors are created. ahoy! strives to stay on top of the latest security developments both internally and by working with external security researchers and companies. We appreciate the community’s efforts in creating a more secure web.
If you believe your account has been compromised or you are seeing suspicious activity on your account, please email email@example.com.