# Security Statement

* We use encrypted connections (TLS) whenever it is possible 
* We enforce 2FA (two-factor authentication) for core systems
* We use source code dependency scanning tools
* We host data provided by customers on DigitalOcean, Inc. 
* We create daily data backups on DigitalOcean, Inc. and Amazon Web Services
* Daily data backups are available for a minimum of ten subsequent days
* Our services are hosted on DigitalOcean, Inc.

## Security Bug Fix Policy

The following table describes when we resolve security bugs in our products:

| **Severity**                            | Resolution time                                  |
| --------------------------------------- | ------------------------------------------------ |
| <p></p><p><strong>Low</strong></p>      | <p></p><p> within 175 days of being reported</p> |
| <p></p><p><strong>Medium</strong></p>   | <p></p><p>within 84 days of being reported</p>   |
| <p></p><p><strong>High</strong></p>     | <p></p><p>within 42 days of being reported</p>   |
| <p></p><p><strong>Critical</strong></p> | <p></p><p>within 10 days of being reported</p>   |