is owned and operated by and secured according to the same practices we use across all our development efforts.

Customer Confidentiality

We take confidentiality of customer data very seriously. Unauthorized access to customer data is prohibited by our security policies and procedures.

IT Security Procedures

At Fluxon, all our corporate devices enforce security policies enforced by MDM, including Full Disk Encryption and Anti-Virus.

All access to Dory internal documentation and systems is secured through Fluxon's Google Workspace identity management system with 2 factor authentication required. Accounts are closed upon leaving the company, thereby revoking all access to internal systems.

Application and Data Security

The production application is secured by relying on security of proven components. Private events are only accessible through login via Firebase Authentication. Access is controlled by Firebase security rules.

Dependencies are scanned continuously for vulnerabilities and updates are performed regularly.

Access to production systems is on a need-to-have basis. If access is not required to perform the duties of a role, then it is not granted. Access to customer information without a need is prohibited.

Encryption of data at rest is provided by Google Cloud Platform. All data is secured in transit by HTTPS. Certificates are managed by Google Cloud Platform.

Third Party Data Processors is deployed on Google Cloud Platform (GCP) Infrastructure as a Service (IaaS). It uses Sentry and Datadog for error detection and triage; Amplitude for product instrumentation; Intercom for in product support; and Stripe for payments processing and subscriptions management.

Development Process

Changes to source code are managed via software version control. All changes are reviewed by senior team members. We regularly release changes to our QA environment, and verify behavior. We perform a release of verified application versions to production on a weekly basis.

Workforce Security

All employees of Fluxon undergo a background check prior to joining the team. Team member's undergo regular security training and must comply with corporate security policies.

Disaster Recovery is hosted on highly-available infrastructure provided by Google Cloud Platform. In order to maintain quality of service we operate a versioned release process with traffic migration. We continuously monitor for issues and are able to revert to previous application versions on short notice.

We maintain regular backups of our application database and verify our recovery process periodically.

Did this answer your question?