So you‘re looking into Roadmunk but wondering if you‘re even allowed to use it and if it‘s safe. Don‘t worry. Keeping our customers' data secure is the most important thing that Roadmunk does and is fundamental to the nature of our business. This living document will share the details of what we do to keep things safe, and some of the work that we’re doing to continually improve the security of your data.
We use world class data centers
Roadmunk’s physical infrastructure is hosted and managed within Amazon’s secure data centers and leverages Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) technology. The data is physically stored on servers in the United States and all backups are completed every 15 minutes to ensure and kept for a period of 30 days.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
Your password is stored securely
All user passwords are hashed using the SHA1 algorithm with salt. Hashing passwords is actually more secure than encrypting them, because that means we don’t have access to the original passwords, nor does anyone else. So even if our database is compromised, everyone’s passwords will stay secure.
We do not store payment details
Roadmunk is not in the business of storing or processing payments. All payments go through our partner, Stripe, which is a leading global payments system that is PCI compliant. Details about their security can be found here.
All communication between Roadmunk servers and the client browser is secured using the industry standard Transport Layer Security (TLS). The connection is encrypted using AES-256 CBC with SHA1 for message authentication and ECDHE RSA as the key exchange mechanism.