Our Approach to Security
We are very committed to being transparent about our security practices and helping you understand our approach.
Organizational Security
Goodtime.io has established an industry-leading security program, dedicated to ensuring customers have the highest confidence in our custodianship of their data. Our security program is aligned to the ISO 27000 standards and is regularly audited and assessed by third parties and customers.
Physical Security
We are hosted on Heroku and AWS, which provide robust physical data center security and environmental controls.
Data Encryption
All of our Goodtime.io customer data is encrypted at rest and in transit. We do not allow insecure protocols and we encrypt our backups as well.
Data Privacy
We only collect and process the information that our customers provide us. A customer owns the content that is submitted. The customer controls all the content that is submitted. We only use customer data to provide the service; we don't look into your account without your permission.
Data Ownership
Your data belongs to you. We won't delete data in your account without giving you time to export it.
Data Security
We host your data in a secure database properly hardened and segregated from non-production environments. All access to the database is tightly controlled and locked down.
Reporting Requirements
Data security incidents need to be reported to the company's security team immediately. Affected customers or partners need to be notified within 48 hours of the incident and provided a copy of the incident report on request.
Disaster Recovery
We regularly back up your data, have defined RTO and RPO, and test the backups on a frequent basis.
Security and Privacy Training
During their tenure, all workers are required to complete a refresh of privacy and security training at least annually. They are also required to acknowledge that they’ve read and will follow Goodtime.io’s information security policies at least annually.
Audits, Compliance and 3rd Party Assessments
Goodtime.io operates a comprehensive information security program designed to address the vast majority of the requirements of common security standards.
SOC 2 Type I Report
Goodtime’s SOC 2 Type I Report verifies our internal controls relevant to the Security, Availability and Confidentiality of the information processed by our systems. The report was issued January 31, 2020.
Sai Ramanan, Advisor and Chief Information Security Officer, former Head of Security at Quora