Security is something we think and breathe every time we’re implementing a feature or using a service. We have an extremely high bar for keeping data secure and continually audit and update our processes to make sure your data is never compromised.



We use Amazon Web Service

AWS sets the industry standard when it comes to security, policies, and architecture. We trust them with our servers along with hundreds of millions of other companies, including Netflix, LinkedIn, AirBnB. We restrict access and communication to and from these servers to the minimum required to use our product.


Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network.


Two Factor Authentication

Everyone on our team has two-factor authentication setup for their accounts where possible, which means that nobody can access their accounts without a security code sent to our mobile devices at the time of attempted login.


Storing your passwords

We never store passwords in plain text. All passwords are salted and then hashed before they are stored.


Encryption

All communication between your computer and Pathmonk is encrypted using industry standard HTTPS/SSL.


Payment info

All payments made to Pathmonk go through our partner, Stripe, We do not store your payment information directly. Details about Stripe security setup and compliance, which follows industry standards and PCI compliance can be found here.


Authentication/access

We authenticate access to Pathmonk & Pathmonk API services using revocable access tokens. Contact us immediately if you have reason to believe any access tokens may have been compromised.


Pentests and Vulnerability Scanning

Pathmonk uses third party security tools to continuously scan for vulnerabilities. Our security team responds to issues raised. We actively engage third-party security experts to perform detailed penetration tests to maintain Pathmonk application and infrastructure high bar.


Incident Response

Pathmonk implements a protocol for handling security events which includes escalation procedures and rapid mitigation. All employees are informed of our policies.


Additional Security features

Training

All employees complete Security and Awareness training annually.

Policies

Pathmonk has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Confidentiality

All employee contracts include a confidentiality agreement.


Security questions?

If you think you may have found a security vulnerability, please get in touch with our security team at security@pathmonk.com.