The security of your data is our highest priority at Safewill. This document outlines some of the policies, procedures and systems in place to ensure your data is protected.

Data Communication

All communication with Safewill's GraphQL API is encrypted using TLS, meaning data is secured with the same level of encryption used by financial institutions. This also goes for any communication between Safewill's API and third party services such as Paperplane, S3 and Mailgun

Data Retention

Safewill uses Heroku's Continuous Protection service to backup data, allowing for rollbacks in the event of data loss. 

Financial Security

Your credit card details are sent directly to our payment provider over encrypted connections and are not stored or logged on our database.

Payments are processed by Stripe, a PCI-DSS Level 1 compliant service provider. To find out more about Stripe's security, click here.

Password Security

 Safewill enforces the use of strong passwords through a number of requirements:

  • Passwords must be a minimum of 8 characters
  • Passwords must include a number or special character
  • Passwords cannot contain the user's name or email address

Safewill also recommends that your password is unique for your Safewill account and updated regularly.  

No plain text passwords are stored at any time. 

Hosting

Safewill's application runs on Heroku and Amazon Web Services (AWS). For more information on their security provisions, refer to the following documents:

Vulnerabilities

Software libraries used by Safewill are regularly updated. Security updates from software libraries will be applied as soon as possible.   

Did this answer your question?