Goodtime.io has established an industry-leading security program, dedicated to ensuring customers have the highest confidence in our custodianship of their data. Our security program is aligned to the ISO 27000 standards and is regularly audited and assessed by third parties and customers
We are hosted on Heroku and AWS who provides robust, physical data center security and environmental controls.
All of our Goodtime.io customer data is encrypted at rest and in transit. We do not allow insecure protocols and we encrypt our backups as well.
We only collect and process the information that our customers provide us. A customer owns the content that is submitted. The customer controls all the content that is submitted. We only use customer data to provide the service; we don't look into your account without your permission.
Your data belongs to you. We won't delete data in your account without giving you time to export it.
We host your data in a secure database properly hardened and segregated from non-production environments. All access to the database is tightly controlled and locked down.
Data security incidents need to be reported to the company's security team immediately. Affected customers or partners need to be notified within 48 hours of the incident and provided a copy of the incident report on request.
We regularly back up your data and have defined RTO and RPO and we test the backups on a frequent basis.
Security and Privacy Training
During their tenure, all workers are required to complete a refresh of privacy and security training at least annually. They are also required to acknowledge that they’ve read and will follow Goodtime.io’s information security policies at least annually.
Audits, Compliance and 3rd Party Assessments
Goodtime.io operates a comprehensive information security program designed to address the vast majority of the requirements of common security standards.
SOC 2 Type I Report
Goodtime’s SOC2 Type I Report verifies our internal controls relevant to the Security, Availability and Confidentiality of the information processed by our systems. The report was issued January 31, 2020.
Advisor and Chief Information Security Officer
former Head of Security at Quora