Security

Your security in our hands

Customer data

Employee Access to Customer Data

No Reconmap staff will access customer data unless required for support reasons or when responding to an incident. In cases where staff must access customer data in order to perform support, we will get your explicit consent each time, except when responding to a security issue or suspected abuse.

When working a support issue, we do our best to respect your privacy as much as possible; we only access the minimum files and settings needed to resolve your issue. Staff do not have direct access to your data.

Product security

Permissions

Our product provides role-based access control for authorization, allowing you to control who can access application settings and features.

Password and Credential Storage

Reconmap enforces a password complexity standard and credentials are salted and encrypted using BCrypt.

Uptime

Our systems have uptime of 99% or higher, and we proactively post status updates for production incidents. You can check our current and historic status at https://reconmap.instatus.com/.

Network and Application Security

Data Hosting and Storage

Reconmap hosts its infrastructure and data in DigitalOcean (DO) and Amazon Web Services (AWS). We follow DO and AWS best practices, which allows us to take advantage of their secured, distributed, fault-tolerant environment. For more information about AWS security practices, see: https://aws.amazon.com/security/.

Failover and Disaster Recovery

Our systems were designed and built with disaster recovery in mind. Our infrastructure and data are spread across three AWS availability zones and systems will continue to work should any one of those data centers fail.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access controls that prevent unauthorized connections to internal resources.

Backups and Monitoring

Reconmap uses automation to back up all datastores that contain customer data. On an application level, we produce audit logs for all activity, forward logs to centralized storage for analysis, and use AWS S3 and AWS Glacier for archival purposes.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. All access to the Reconmap websites is restricted to HTTPS encrypted connections.

Reconmap enforces policies that require strong passwords and 2-factor authentication (2FA) on GitHub, Google and AWS to ensure access to cloud services is protected.

Encryption

All data sent to or from Reconmap systems is encrypted in transit. Sensitive data such as tokens and credentials is stored in a secured database, salted and encrypted.

Pentests and Vulnerability Scanning

Reconmap uses third-party security tools to continuously scan for vulnerabilities. We regularly engage third-party security to perform thorough penetration tests on our application and infrastructure.

Incident Response

Reconmap implements an Incident Response Policy for handling security events, which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies.

Additional Security Information

Training

All Reconmap employees complete security awareness training annually.

Policies

Reconmap has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

Reconmap performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality

All employee contracts include a confidentiality agreement.

PCI Obligations

When you purchase a paid Reconmap subscription, your credit card data is neither transmitted through nor stored on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe's security information is available online.

Reporting an Issue

Your input and feedback on our security, as well as responsible disclosure, are always appreciated. If you've discovered a security concern, please email us at security@reconmap.com. We'll work with you to make sure we understand the issue and address it. We consider security correspondence and vulnerabilities our highest priorities and will work to promptly address any issues that arise.

Please act in good faith towards our users' privacy and data during this process. White hat researchers are always appreciated and we won't take legal action against you if you act accordingly.