Security

We keep your private data private

Microsoft Azure

Running on Microsoft Azure does not only make elmah.io run fast and scale to the daily needs. It also comes with a whole range of security features built-in:

  • DDoS Protection brings massive DDoS mitigation capacity to all of elmah.io.
  • 24-hour threat management protects the infrastructure and platform against malware, man-in-the-middle (MITM), and other threats.
  • Automatic updates and security patches.
  • Advanced access management with full changelogs.

Data Retention

When we use the word retention, we mean it. Where a lot of companies soft delete data to keep them around for statistical purposes, we never keep your data longer than specified in each plan. Keeping your data in the same period as you can see it through the UI, is what we want when using external systems too. Your data is forever yours and never shared with other users or third-party.

Encrypted

End to end encryption from a 256 bit encrypted SSL connection to encrypted data stores. We provide full encryption at rest to make sure that no-one else is watching.

PCI Compliance

With our PCI compliance, you can trust elmah.io with your credit card details. PCI is created by Visa, MasterCard, American Express, Discover, and JCB to ensure that we are running in a secure environment.

GDPR

We want to be 100% transparent about what personal data we collect and how we handle it. GDPR is something that we take very seriously, why we have a dedicated GDPR Commitment document available.

Penetration Tests

We use an external partner to carry out continuous penetration tests. Tests like these are essential to make sure that security bugs are found and fixed fast.

Two-Factor Authentication

All of the authentication mechanisms available to sign in to elmah.io supports two-factor authentication. We encourage everyone to enable two-factor using either Google Authenticator or Authy.

VPN

All of the internal communication on the elmah.io platform happens through a VPN. Connections are implemented using the SSTP VPN protocol, which allows for a reliable and secure tunnel between client and server. If a hacker would ever be able to penetrate the system, he/she will not be able to inspect the data sent between components.

Firewall

While most of elmah.io is running on various Microsoft Azure features, we still need virtual machines. All of the machines are using a firewall and only spoken to through a secure connection. Windows Firewall thoroughly blocks all undesired traffic and only allows connections from other elmah.io components. According to WatchGuard Technologies, Inc, Windows Firewall's default security policy can reduce or completely eliminate rogue Web, FTP, person to person and file transfer servers.