UserVoice’s hosting provider Softlayer is SSAE 16 certified.
SSAE 16 (Statement on Standards for Attestation Engagements) has replaced the Statement on Auditing Standards No. 70 (SAS 70) as the primary standard for reporting on controls at service organizations. It is an attestation standard issued by the American Institute of Certified Public Accountants (AICPA). Specifically, SSAE 16 addresses engagements conducted by service auditors on service organizations for purposes of reporting on the design of controls and their operating effectiveness. See Softlayer certifications.
Access to all UserVoice servers is secure.
- Firewalls (IPTables) on all servers are set to default-deny. The only services that are allowed are SSH (all servers; non-standard port) and HTTP/HTTPS (web servers only).
- Database connections are only accepted from other UserVoice servers on the internal private subnet. No other organization’s servers reside on the UserVoice subnets at Softlayer.
- All communication with servers (outside of public HTTP/HTTPS access) is over encrypted secure shell (SSH) and password authentication is disabled. SSH authentication is available only via public/private key authentication.
- In-depth information on our SSL implementation is available via this Qualys SSL Report on UserVoice.
- A network diagram is available upon request.
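An added example, not UserVoice's own tooling: one way to check a server against the firewall and SSH policy listed above, by auditing `iptables-save` output and `sshd_config` text. The sample inputs are constructed, and port 2222 and the function names are assumptions for illustration.

```python
import re

# Constructed samples (not UserVoice's real config): `iptables-save` output and
# an sshd_config for a web server; 2222 is an assumed non-standard SSH port.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
"""
SAMPLE_SSHD = "Port 2222\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

def audit_firewall(rules, allowed_ports):
    """Check an iptables-save dump: INPUT default-deny, only allowed ports open."""
    findings = []
    policy = re.search(r"^:INPUT (\S+)", rules, re.M)
    if not policy or policy.group(1) != "DROP":
        findings.append("INPUT chain is not default-deny")
    for line in rules.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        ports = re.search(r"--dports? (\S+)", line)
        state = re.search(r"--(?:ct)?state (\S+)", line)
        reply_only = state and set(state.group(1).split(",")) <= {"RELATED", "ESTABLISHED"}
        # A port-less ACCEPT is expected only for loopback and reply traffic.
        if ports is None and "-i lo" not in line and not reply_only:
            findings.append("ACCEPT without port restriction: " + line)
        for port in (ports.group(1).split(",") if ports else []):
            if port not in allowed_ports:
                findings.append("unexpected open port " + port)
    return findings

def audit_sshd(config):
    """Check sshd_config text (Match blocks not handled): key-only auth, non-default port."""
    opts = {}
    for line in config.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())  # first value wins
    findings = []
    if opts.get("passwordauthentication", "yes") != "no":
        findings.append("password authentication is enabled")
    if opts.get("port", "22") == "22":
        findings.append("SSH listens on the standard port 22")
    return findings
```

Pass `{"2222", "80", "443"}` as `allowed_ports` for a web server and `{"2222"}` for any other server; rules that jump to user-defined chains are not followed.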
UserVoice has addressed Heartbleed SSL vulnerabilities.
We addressed this issue on April 9, 2014, as confirmed by the Qualys SSL Report on UserVoice.
UserVoice servers and software are running the latest versions of software and security patches.
- We strive to keep all server software on the latest version; however, when that’s not possible we do ensure that the latest security patches are installed/up to date. This is reviewed monthly (though patches are often installed as soon as they come out).
- We’re running the latest version of Ruby on Rails 4.0 and we review/apply the latest security patches as they come out.
UserVoice is written to protect against SQL injection attacks.
UserVoice is built on the Ruby on Rails platform and uses all the built-in protections for sanitizing query parameters in SQL statements.
UserVoice is written to protect against cross-site scripting attacks (XSS).
Your password is stored securely.
For performance reasons our database itself is not encrypted (though backups are; more on that below), but all user passwords are hashed using the SHA1 algorithm with salt. Hashing passwords is actually more secure than encrypting them, because that means we don’t have access to the original passwords, nor does anyone else. So even if our database is compromised, everyone’s passwords will stay secure.
Your access to UserVoice is secure.
All access to your UserVoice admin console (yourdomain.uservoice.com/admin) is always over a secure (SSL encrypted) connection.
Your users’ access to UserVoice is secure.
All widgets through which customers submit support tickets are also always over a secure SSL encrypted connection. Only your UserVoice site itself (yourdomain.uservoice.com) is not SSL-only, but you can force that to SSL-only on premium plans (though it does break domain aliasing, which is why we don’t provide it for everyone).
Access is logged.
Server access logs for auditing are kept for seven days. Access logs for web servers are kept for 30 days.
Data is co-mingled but secure.
UserVoice is a multi-tenant SaaS solution: customer data is co-mingled on the same database tables, but all data is scoped by an account ID to ensure that one account cannot access data of another account. Unit, functional, and integration tests are run continuously on our CI servers to ensure that it’s not possible for account data to leak.
Development and test environments do not use customer data.
We use fake customer data in those environments.
Nightly backups are stored offsite and encrypted.
- A live backup is performed in near real-time with slave databases.
- Backups are always full backups of all tables in the UserVoice MySQL database.
- Backups do not include secondary data (like pageview tracking, denormalized reporting data) that is stored in various NoSQL systems (Mongo, Redis).
- Backups are done nightly and encrypted with a shared password and stored offsite.
- Backups are tested and restored daily.
- Backups are kept for 30 days.
- Backups are never kept on portable/removable media.
Deleted data is retained for up to 60 days.
All data that’s deleted in the UserVoice system is soft deleted and can be recovered inside of 30 days. After 30 days that data is hard deleted and can only be recovered via full backup for another 30 days.