Security Policy

The team at Where are committed to keeping your data secure and security is baked right into our product and development process.

  • Encryption: All data in transit is secured with Transport Level Security (TLS) and all API and client communications require HTTPS connections. All customer data is encrypted at rest including: email addresses, passwords, API keys and 3rd party integration keys.
  • Infrastructure: The Where backend and physical infrastructure is hosted and managed within Amazon's secure data centers and run on Amazon Web Service (AWS) technology - which undergoes regular assessments to assure compliance with industry standards. The Where web application is hosted on Amazon S3 and Cloudfront is used for distribution.
  • Reliability: We strive for 99.9% uptime and we have monitoring in place to notify the team of any incidents immediately
  • Compliance: Where is hosted on Amazon Web Services that holds rigorous industry security certifications, such as SOC 2 and ISO 27001. All payments made to us go through our payments provider, Stripe. Please the Stripe security page for all details about their security setup and PCI compliance.
  • Continuous delivery: We use continuous integration and automated deployments to build, test and release code multiple times a day.
  • Access to customer data: Customer data can only be accessed by a small and select group of individuals on our team. If it's necessary for the team to access sensitive customer data, we will only do so only after receiving written permission from the customer via email.