We take security seriously.

At Userback, we take cyber security very seriously and have implemented several measures to safeguard the Userback infrastructure from potential attacks. Our commitment to cyber security benefits our customers and gives them the peace of mind of knowing that their data is safe with Userback.

Encrypted transmission

All browser connections and communication are transmitted over HTTPS, ensuring data privacy and integrity. Our servers support only the highest level of encryption, 256-bit cipher suites over TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.

  • All non-essential ports and external network interfaces are blocked by default
  • No financial data or credit card information is stored in any Userback system
  • All account passwords are stored as one-way hashes
  • All account data is encrypted and securely stored in the database

Key management

Userback maintains a strict policy for assigning and distributing keys that may access any production or development system.

  • Access keys to the production servers are distributed only to the CTO and the System Admin Lead
  • Keys are never stored in any online system
  • Keys are never stored anywhere in plaintext
  • Individual access keys are generated per employee with developer-only access

Source code

  • We perform static code analysis of all production code
  • We perform third-party security assessments
  • All sub-dependencies have been vetted for security and performance issues
  • We strictly comply with source code licensing and open-source licensing
  • We do not use production data in our test or development environments

Monitoring and incident response

Systems are monitored 24/7 for performance and access anomalies. Our uptime and all notifications of performance incidents are made public at https://status.userback.io. We provide transparent post-mortems for every significant incident affecting our performance.

Userback has a security incident response policy, with associated procedures, that defines the full set of actions for dealing with security incidents: initial response, investigation, and notification of customers and authorities in accordance with the applicable laws.

We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers with all the information they need to meet their own regulatory reporting obligations.

Datacenter security

We use a third-party, top-tier datacenter that maintains several industry-recognized certifications, including FedRAMP, ISO, SOC, PCI, and more.

Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and more than 30 others.

Full disk encryption

All infrastructure used by the Userback product uses industry standard full disk encryption.

All Userback portable computing devices are required to employ full disk encryption regardless of their intended use or the data stored on them.

Awareness and training

All staff and contractors go through a vetting process in which they are subject to background checks and confidentiality agreements.

We provide an ongoing program of security awareness training designed to keep all members of staff informed of and vigilant about security risks. This includes regular assessment of comprehension to measure the program's effectiveness.

Compliance

Userback adheres to the Australian Privacy Act 2003, Section 2 of the Information Privacy Act 2009 and the Australian Privacy Principles, and is compliant with the GDPR legislation.

More information on our compliance with GDPR can be found at https://userback.io/userback-gdpr/.