Running on Microsoft Azure not only makes elmah.io run fast and scale to daily needs. It also comes with a whole range of built-in security features:
When we use the word retention, we mean it. Where a lot of companies soft-delete data to keep it around for statistical purposes, we never keep your data longer than specified in each plan. Keeping your data only for the same period as you can see it through the UI is what we want when using external systems too. Your data is forever yours and never shared with other users or third parties.
End-to-end encryption, from a 256-bit encrypted SSL connection to encrypted data stores. We provide full encryption at rest to make sure that no one else is watching.
With our PCI compliance, you can trust elmah.io with your credit card details. PCI was created by Visa, MasterCard, American Express, and more to ensure that we are running in a secure environment. Reach out for a copy of our SAQ A.
We want to be 100% transparent about what personal data we collect and how we handle it. GDPR is something that we take very seriously, which is why we have a dedicated GDPR Commitment document available.
We use an external partner to carry out continuous penetration tests. Tests like these are essential to make sure that security bugs are found and fixed fast.
All of the authentication mechanisms available to sign in to elmah.io support two-factor authentication. We encourage everyone to enable two-factor using either Google Authenticator or Authy.
All of the internal communication on the elmah.io platform happens through a VPN. Connections are implemented using the SSTP VPN protocol, which allows for a reliable and secure tunnel between client and server. If a hacker were ever able to penetrate the system, he/she would not be able to inspect the data sent between components.
While most of elmah.io is running on various Microsoft Azure features, we still need virtual machines. All of the machines use a firewall and are only communicated with through a secure connection. Windows Firewall blocks all undesired traffic and only allows connections from other elmah.io components. According to WatchGuard Technologies, Inc., Windows Firewall's default security policy can reduce or completely eliminate rogue Web, FTP, person-to-person and file transfer servers.
If you find security issues on elmah.io, feel free to contact us. We don't have any official security bug bounty program, but we do honor security researchers from time to time. Please don't reach out with automated messages or results from free online scanners.