Last updated: February 15, 2018
The following is a description of the steps Codeq is taking to secure user data and ensure we are making our best effort to protect users’ privacy and security.
Codeq has strict rules about accessing user data. Only one sysadmin on our team has the ability to ever access our production databases. At no point will a Codeq employee or affiliate ever knowingly access your private data, regardless of its anonymized state, without prior user consent. In addition, we restrict access to our email Natural Language Processing service, referenced going forward as “NLP”, and data parser system to only those with proper clearance.
Courier’s database tables contain personally identifiable information. Our production systems encrypt columns containing personally identifiable information, limiting our team’s access to your private information. Personally identifiable email information is defined as content that can reveal the following:
Courier data is encrypted between the client and edge servers via SSL. Production database data at rest is secured via disk encryption. Data in motion between backend services is completely isolated from public-facing access. Our mandate is to ensure your data is never exposed to threats.
Our NLP service only has access to parsed emails. Parsed emails are defined as emails that have been processed by our email parser to remove personally identifiable information. At no time is the NLP team allowed to access pre-processed emails unless a user consents to the act directly via electronic communication.
We’ve implemented a flag feature that allows users to flag message content, from the client, for review by our NLP team. By flagging a message, the user gives explicit consent, via electronic communication, for the review and analysis of raw email message content.
Our server environments are hosted on Amazon’s cloud-based services and benefit from Amazon security and encryption systems. We utilize Amazon Virtual Private Cloud (VPC) to completely lock down network access to all production service components with inbound and outbound filtering at the instance level. REST servers requiring internet access by the Courier app are placed in a public-facing subnet; backend services, including NLP, database and Elasticsearch, are isolated in a private-facing subnet with no Internet access. Database encryption keys are securely stored in the AWS Key Management Service (KMS).
We have also taken care to design and implement our services to protect our production environments from external attack. For example, to counter SQL injection attacks, all SQL queries used to access the database are parameterized and never generated dynamically.
If you have questions, please contact firstname.lastname@example.org.