Security Practices and Procedures at Welltravel
Date of Last Revision: January 1st, 2018
Security here at Welltravel is not taken lightly. Below, we'll outline both the physical and technical procedures we use to ensure your data is kept safe.
Technical Security and Encryption
Whenever your data is in transit between you and us, it is encrypted and sent over HTTPS. We protect your login from brute-force attacks with rate limiting. All passwords are filtered from our logs and are one-way hashed using industry-standard bcrypt.
Security Through Coding Practices
Since so many security exploits take advantage of coding errors, part of security is having well-tested, well-reviewed code. At Welltravel, when code is written, it requires at least 2 other developers to review the work before it makes it to our test servers. Once it's on our test servers, we make sure everything is working through a quality assurance process. When the code finally makes it to production, it has had a lot of eyeballs on it. Developing this way means that it takes more time to get things done, but it also means that fewer mistakes get by.
Local Equipment Security
At the most basic level, our main physical space is locked and alarmed during off hours. In the event of a break-in, we may lose some expensive monitors, but since our servers don't reside in our buildings, they aren't vulnerable to smash-and-grab robberies. Customer data isn't on the laptops or stationary computers our employees use as they work. They connect over the web using an encrypted connection (the same way your web browser does). Even so, local computers are password protected and encrypted.
Welltravel is a small company, so thankfully we are able to hire some brilliant people who care about its success. Our employee turnover is extremely low (especially for the tech industry). To protect company data, including customer data, all employees sign a non-disclosure agreement when hired.
We encourage all customers to report any concerns of abuse, exploits, and other types of incidents to the following e-mail address: firstname.lastname@example.org. These reports are immediately escalated to our advanced support team.
Lastly, a word about the culture here in general. Most of us who work at Welltravel are also users of our software. Our personal data is in the same database as our customers' data. To date, we've never had a breach or issue related to data theft. If that ever happened, we understand that the goodwill and reputation we've been building over the years would vanish. It would be a major blow to all of our personal careers. This is another reason we go to the lengths described above.