Security
The security of your data is extremely important to us. This document outlines some of the steps we take to secure our service.
TLS / SSL
All communication with Paperplane servers is encrypted using TLS (often also referred to as SSL).
Data retention
All data is backed up offsite daily for recovery from disasters. Backups are retained for a reasonable period of time but will eventually be deleted.
Financial security
Credit card details are never stored by Paperplane. Credit card details are transmitted directly to our payment provider over encrypted connections and are not logged or stored in our systems.
Payments are processed by Stripe, a PCI-DSS Level 1 compliant service provider.
Password security
Password security is maintained through a minimum passwords length requirement.
To maximise your safety, we recommend your password be at least 10 characters in length with a mixture of letters, numbers and non-alphanumeric characters. We recommend that the password you use for Paperplane is unique and not used on any other web site.
A password manager such as 1Password can help you manage your passwords securely.
No plain text passwords are stored at any time.
Physical security
Paperplane’s production systems run on Heroku and Amazon Web Services.
For more details on the physical security the provide, please refer to the following documents:
Vulnerability management
Software libraries used by Paperplane are regularly updated. Security updates from software libraries will be applied as soon as possible, often within 24 hours of public release.
Vulnerability disclosure
If you believe you’ve discovered a bug in Paperplane’s security, please get in touch at security@paperplane.app.