We have implemented a formal procedure for security events and have educated all our staff on our policies.
We used automated deployment techniques which mean we can update our systems in a matter of minutes. We typically deploy code several times every day, so we have high confidence that we can get a security fix out quickly when required.
All of our services run in the cloud. We do not run our own routers, load balancers, DNS servers, or physical servers. Our services and data are hosted in Amazon Web Services (AWS) facilities in Ireland.
Our infrastructure is spread across 3 AWS data centers (availability zones) and will continue to work should any one of those data centers fail unexpectedly.
All customer data is stored in the EU. We are fully registered with the Information Commissioner's office.
All data sent to or from Taxi for Email is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only.
Taxi For Email is served 100% over https. Our team use two-factor authentication (2FA) and strong password policies. We offer a range of options for our customers around login so they can choose the standards that suit them best and match their own security policies
Taxi for Email enables permission levels to be set for users.
Our systems are automatically monitored 24/7 and our team are notified of issues in real time.
As a London based company the GDPR is part of the law where we operate, as such we have no option but to comply from the moment it becomes active in May 2018. Our processes and systems are already fully compliant. For the purposes of the GDPR we are registered as a Data Controller for our own data and a Data Processor for situations where we handle data on behalf of our customers.
Taxi For Email is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe.