Hello Alice Security Statement
Updated: July 2, 2021
Protection from Data Loss, Corruption
- All databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user accounts from each other.
- All data is encrypted at rest.
- Account data is mirrored and regularly backed up off site.
Application Level Security
- Hello Alice account passwords are hashed. Our own staff can’t even view them. If you lose your password, it can’t be retrieved—it must be reset.
- All login pages pass data via TLS 1.3.
- The entire Hello Alice application is encrypted with TLS 1.3.
- Login pages and logins via the Hello Alice API have brute force protection.
- We perform regular external security penetration tests throughout the year using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
Internal IT Security
- We have a dedicated internal security team that constantly monitors our environment for vulnerabilities. They perform penetration testing and social engineering exercises on our environment and our employees.
Internal Protocol and Education
- We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
- Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and background checks prior to employment.
- All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
- In order to protect our company from a variety of different losses, Hello Alice has established a comprehensive insurance program. Coverage includes, but is not exclusive to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.
SOC II Compliant PCI DSS Certification
Hello Alice, our credit card processor, and all of our key vendors use security measures to protect your information both during any transaction and after it is complete. Our vendors are certified as compliant with card association security initiatives. We also perform annual SOC II audits.
We provide our SOC II Report upon request.
Protecting Ourselves Against You
We take measures to secure ourselves, but if your computer gets compromised and someone gets into your Hello Alice account, that’s not good for anyone.
- We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
If you have any questions or comments, or if you have a concern about the way in which we have handled any security matter, please send an email to [email protected].