We keep your private data private
Running on Microsoft Azure does not only make elmah.io run fast and scale to the daily needs. It also comes with a whole range of security features built-in:
When we use the word retention, we mean it. Where a lot of companies soft delete data to keep them around for statistical purposes, we never keep your data longer than specified in each plan. Keeping your data in the same period as you can see it through the UI, is what we want when using external systems too. Your data is forever yours and never shared with other users or third-party.
End to end encryption from a 256 bit encrypted SSL connection to encrypted data stores. We provide full encryption at rest to make sure that no-one else is watching.
With our PCI compliance, you can trust elmah.io with your credit card details. PCI is created by Visa, MasterCard, American Express, and more to ensure that we are running in a secure environment. Reach out for a copy of our SAQ A.
We want to be 100% transparent about what personal data we collect and how we handle it. GDPR is something that we take very seriously, why we have a dedicated GDPR Commitment document available.
We use an external partner to carry out continuous penetration tests. Tests like these are essential to make sure that security bugs are found and fixed fast.
All of the authentication mechanisms available to sign in to elmah.io supports two-factor authentication. We encourage everyone to enable two-factor using either Google Authenticator or Authy.
All internal communication on the elmah.io platform takes place over private, isolated networks within Microsoft Azure using Virtual Network (VNet) Integration. By using Azure's secure networking infrastructure, we ensure that all traffic between components is routed through dedicated private channels. This architecture significantly reduces the risk of data interception and unauthorized access. VNet Integration provides a stable and high-performance connection between services, while communication between components is further protected using industry-standard encryption protocols such as TLS.
While most of elmah.io is running on various Microsoft Azure features, we still need virtual machines. All of the machines are using a firewall and only spoken to through a secure connection. Windows Firewall thoroughly blocks all undesired traffic and only allows connections from other elmah.io components. According to WatchGuard Technologies, Inc, Windows Firewall's default security policy can reduce or completely eliminate rogue Web, FTP, person to person and file transfer servers.
If you discover a potential security issue on elmah.io, please follow our Vulnerability Disclosure Program for details on scope, rules of engagement, and how to report responsibly.