We use canUmeet every day to keep our team organized, connected, and focused on results. Ensuring our platform remains secure is vital to protecting our own data, and protecting your information is our highest priority.
Our security strategy covers all aspects of our business, including:
canUmeet is monitored 24 hour a day, 7 days a week, 365 days a year. If something goes wrong, we will be the first to know about it and will have technicians working to fix the problem immediately, no matter when it occurs. We monitor mailing lists for all our software dependencies to keep track of security notices and keep our software up to date. We also offer a security bounty for users reporting security problems. canUmeet is hosted in Heroku, which applies security best practices and manages platform security. https://www.heroku.com/policy/security
canUmeet uses the git revision control system. Changes to canUmeet’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein canUmeet employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. canUmeet engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.
We also work with third-party security professionals to:
canUmeet does not process payments directly and instead relies on an integration with the payment platform Stripe. PCI compliance is handled by Stripe, cf. https://stripe.com/docs/security and http://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe
Our team has the minimal required level of access to customer information in order to maintain our systems and to assist you appropriately.