Data Security Facts & Questions

Anon Security - Everything you need to know

 

A frequent question, and one we take very seriously, is how we’ve set up Anon security and how data is stored.

 

For your safety and comfort, our Technical team has spent close to a decade building robust cloud-based platforms – apps for governments, custom internal portals for tech giants.
We’ve always been aware that building a virtual workplace would entail a solid security, data and privacy plan. After we design a feature, we plan how to safely secure, host and store it. We’ll always be completely transparent with our user base on where your data lives and how we handle our security measures.

All Anon production services are run on infrastructure managed by AWS (Amazon Web Services). Computing’s done on their EC2 platform, and all your files are stored within S3. The servers themselves are located in their highly secure Asia-Pacific data centres.

From Amazon’s documentation:

AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). We undergo annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
We chose Amazon because, just like Netflix, we trust them with our code and your data. Here are some handy links to their security measures and processes:

https://aws.amazon.com/compliance

https://aws.amazon.com/security 

No, just our own. We maintain completely separate and distinct production, staging, and development environments. Production data is not replicated outside of the production restricted environments.

All customer data is considered highly sensitive and protected. No one other than our development staff can access your data, and this is exclusively done upon request (i.e., if there’s an issue in your account you’d like us to check up on). Needless to say, all staff involved have had pertinent security checks and are full-time, on-site, fully-vetted employees.

We’re glad you asked. We are PCI compliant – this means we host any online transactions (in-browser and in our apps) with a secure and compliant third-party. We use Stripe, who are a PCI Level 1 Service Provider.

All data in transit is encrypted, and all passwords are hashed with the insanely secure Blowfish algorithm. Access rights and account privileges are controlled with JWT tokens – a handy little encrypted ‘key’ which allows you to communicate with our servers without having to expose your security details every time.

Amazon boasts an unbelievable 99.999999999% durability for all files on its S3 services. Nothing you upload there is going to disappear anytime soon. On our EC2 instances, our production databases are backed up daily. We have well-tested backup and restoration procedures, and can recover from a major disaster within a couple of hours (provided our developers are okay!).

Administrator access to our AWS account rests solely in the hands of our technical director. For the real important stuff, he’s the only one able to get in there. On top of this, for all server access to our production environments we’ve implemented two-factor authentication, meaning a password or private key alone does not get you inside the database.

At Anon, your privacy and anonymity are our paramount concern – we offer a tiered system where you can choose precisely how private your information is, and this underpins your entire experience with us.
Unless you elect to do so, your details will not be shared with your organisation under any circumstances. If complete anonymity is a concern, we won’t store any identifiable details in our system at all. No name, no email and no phone number. Just a randomly-generated ID number that can never be traced back to you.
On top of this, all your communications with us are encrypted. There’s no risk of anyone ‘listening in’ or otherwise intercepting your information.

After you’ve made your submission, you’ll be issued with a Secret Key, which is a randomised string of letters and numbers. Use this to ‘log in’, and check on the status of your submission.
If you supply an optional email address, we’ll send you notifications about the status of your submission, and whether any comments have been posted. These emails contain no identifying information – they very simply mention that there’s something worth checking out in your Anon account.

For any inquiries please email
