ReportGarden Security

Trusted Infrastructure

ReportGarden is unified software for marketing agencies. Our application lets agencies focus on their marketing strategies while ReportGarden handles client reporting and management, prospect management, lead generation, budget monitoring and more. This page gives an overview of application performance and of how security is designed into the ReportGarden software. ReportGarden hosts its services on Heroku, which provides network-isolated, dedicated runtime environments for enhanced privacy, power and performance. This infrastructure provides secure integration of client accounts, secure storage of data with end-user privacy safeguards, secure encryption of passwords and two-factor authentication, secure and private communication with customers, and safe operation by administrators.

We describe the security of the application in progressive layers, starting from physical and network security, continuing with how the hardware and software underlying the infrastructure are secured, and finally describing the technical constraints and processes in place to support the performance of the application.

Commitment to Privacy

As digital marketing agencies rely more heavily on data, they need confidence in the capabilities, reliability and security of the software they use. ReportGarden applies security best practices and manages platform security so customers can focus on their marketing strategies.

ReportGarden invests heavily in securing its infrastructure with expert engineers dedicated to security and privacy distributed across all of ReportGarden.

ReportGarden works hard to earn and keep the trust of its customers, and so we want you to be aware of our commitments in each area.

Reliability

ReportGarden’s computing platform assumes ongoing hardware failure and uses robust software failover to withstand disruption. All ReportGarden systems are redundant by design, and no subsystem depends on any particular physical or logical server for ongoing operation. Data is replicated multiple times within Heroku’s (third-party) infrastructure so that, in the case of a machine failure, it remains accessible through another system. We also replicate data to secondary data centers in different seismic and geographic zones to protect against data center failures.

ReportGarden’s services are designed to scale to hundreds of thousands of users. We run several different performance tests, including load testing our applications under high load over a long period, to observe effects on factors such as memory use and response time. ReportGarden also performs stress testing to examine system behaviour in unusual situations, including functional testing while under unusually heavy load, heavy repetition of certain actions or inputs, and input of large numerical values and large, complex queries to the database system.

Privacy

We do everything in our power to protect agencies from attempts to compromise their data. We vigorously resist any unlawful attempt to access or block access to our customers’ data, whether from a hacker or from malicious software. Whether the data comes from an integration or is a client’s contact information, ReportGarden does not own it.

That means two key things:

  • We use your information for the purposes specified in our Privacy Policy, such as delivering the service for which you pay.
  • You have control over your data. We provide you with options to delete and export your data so that you can take your data with you at any time.

ReportGarden may only access data in your account in strict compliance with our Privacy Policy and customer agreement. For purposes of providing technical support, an administrator from your domain may choose to grant the ReportGarden Support team permission to access accounts in order to resolve a specified issue.

Application Security

SECURE ACCESS

ReportGarden servers can be accessed only over HTTPS, using a TLS certificate issued by Comodo. We use industry-standard encryption (TLS) for all data traversing to and from the application servers.

XSS

All user input is HTML-encoded at the point where it is displayed, so that XSS vulnerabilities are avoided.

CSRF

All POST requests are checked for a valid CSRF token before the request is processed.
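The two controls above, output encoding against XSS and a CSRF token check on state-changing requests, shown together as an added example in plain Ruby. This is not ReportGarden's code: `render_profile`, `csrf_check` and the Hash-shaped `request` are illustrative stand-ins for Rails' view and request objects, and only the standard library is used so it runs outside Rails. Two caveats a practitioner would want: `html_escape` is correct for HTML text and quoted attributes but not for values placed inside `<script>` blocks or URLs, and any `html_safe`/`raw` call bypasses it; and Rails' `protect_from_forgery` verifies every request that is not GET or HEAD, so PUT, PATCH and DELETE are covered exactly like POST.

```ruby
# Added example, not ReportGarden's code: output encoding against XSS and a
# CSRF token check for state-changing requests, in plain Ruby using only the
# standard library. render_profile, csrf_check and the Hash-shaped `request`
# are illustrative stand-ins for Rails' view and request objects.
require "erb"
require "securerandom"

# --- XSS: encode untrusted values at the point of output ---------------------
# Plain ERB's <%= %> does not escape; Rails' ERB handler does it for you.
# Here the escape is explicit via ERB::Util.html_escape, the same routine
# behind Rails' `h` helper, so the example runs outside Rails.
def h(value)
  ERB::Util.html_escape(value.to_s)
end

PROFILE_TEMPLATE = ERB.new(
  '<p class="name"><%= h(name) %></p><p class="bio"><%= h(bio) %></p>'
)

def render_profile(name:, bio:)
  PROFILE_TEMPLATE.result_with_hash(name: name, bio: bio)
end

# --- CSRF: every state-changing request must carry the session's token -------
# Rails' protect_from_forgery skips only GET and HEAD, so PUT/PATCH/DELETE are
# verified exactly like POST; this check follows the same rule.
SAFE_METHODS = %w[GET HEAD].freeze

def generate_csrf_token
  SecureRandom.urlsafe_base64(32)
end

# Constant-time comparison so the check leaks no timing information about
# how many leading bytes of a guessed token were correct.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# `request` is a Hash with :method, :params and :headers; `session` holds the
# token issued when the form was rendered. Returns :allowed or :forbidden.
def csrf_check(request, session)
  return :allowed if SAFE_METHODS.include?(request[:method])
  submitted = request.dig(:params, "authenticity_token") ||
              request.dig(:headers, "X-CSRF-Token")      # AJAX/API clients
  expected  = session[:csrf_token]
  return :forbidden if expected.nil? || submitted.nil?
  secure_equal?(submitted, expected) ? :allowed : :forbidden
end

if __FILE__ == $0
  puts render_profile(name: "<script>alert(1)</script>", bio: "Tom & Jerry")
  session = { csrf_token: generate_csrf_token }
  forged  = { method: "POST", params: { "name" => "x" } }               # no token
  genuine = { method: "POST", params: { "authenticity_token" => session[:csrf_token] } }
  puts "forged:  #{csrf_check(forged, session)}"    # forbidden
  puts "genuine: #{csrf_check(genuine, session)}"   # allowed
end
```

Run it with `ruby xss_csrf_example.rb`: the script tag comes out as `&lt;script&gt;`, the request without a token is rejected, and the one carrying the session's token is accepted. The constant-time compare matters because a plain `==` returns as soon as the first differing byte is found, which can leak the token byte by byte to an attacker who measures response times.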

SQL INJECTION

ReportGarden interacts with its database through ActiveRecord, the default Object Relational Mapping (ORM) layer in Ruby on Rails. ActiveRecord provides abstraction and safety and allows developers to avoid manually building SQL query strings.

ReportGarden also uses Brakeman, an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities.
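What "avoiding manually built SQL" buys in practice is easiest to see on a concrete payload. The following added example (not ReportGarden's or ActiveRecord's code) shows the same injection string going through string interpolation and through placeholder binding. `quote_sql_value` mimics the quoting that ActiveRecord's `sanitize_sql_array` applies for a `?` placeholder; `bind_sql` and `unsafe_interpolate` are illustrative names, not ActiveRecord APIs. In a Rails application the bound form corresponds to `Client.where("name = ?", params[:name])` (or, safer still, the hash form `Client.where(name: params[:name])`), while the interpolated form `Client.where("name = '#{params[:name]}'")` is exactly what Brakeman reports as a SQL Injection warning.

```ruby
# Added example, not ReportGarden's code: what placeholder binding does to an
# injection payload, compared with string interpolation. quote_sql_value
# mimics the quoting ActiveRecord's sanitize_sql_array applies for a `?`
# placeholder; bind_sql and unsafe_interpolate are illustrative names, not
# ActiveRecord APIs. For real queries use ActiveRecord itself: its adapters
# also handle dialect-specific escaping (backslashes on MySQL, for example).

# Quote one Ruby value as a SQL literal. Every single quote inside a string is
# doubled, so the value can never close the literal it sits in.
def quote_sql_value(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  when true           then "TRUE"
  when false          then "FALSE"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Bound form, equivalent to Client.where("name = ?", params[:name]).
def bind_sql(template, *values)
  placeholders = template.count("?")
  unless placeholders == values.size
    raise ArgumentError, "#{placeholders} placeholders, #{values.size} values"
  end
  i = -1
  template.gsub("?") { quote_sql_value(values[i += 1]) }
end

# Vulnerable form, equivalent to Client.where("name = '#{params[:name]}'"),
# which Brakeman reports as a SQL Injection warning.
def unsafe_interpolate(value)
  "SELECT * FROM clients WHERE name = '#{value}'"
end

# Constructed injection payload: closes the literal and appends a tautology.
PAYLOAD = "' OR '1'='1"

def compare_queries(value = PAYLOAD)
  { unsafe: unsafe_interpolate(value),
    bound:  bind_sql("SELECT * FROM clients WHERE name = ?", value) }
end

if __FILE__ == $0
  q = compare_queries
  puts "interpolated: #{q[:unsafe]}"   # ... WHERE name = '' OR '1'='1'     -> matches every row
  puts "bound:        #{q[:bound]}"    # ... WHERE name = ''' OR ''1''=''1'  -> matches one literal string
end
```

The interpolated query becomes a tautology that returns every client; the bound query looks for a client literally named `' OR '1'='1` and returns nothing. `bind_sql` also refuses a template whose placeholder count does not match the values supplied, which is the check that catches a forgotten argument before it reaches the database.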

ENCRYPTED DATA STORAGE

ReportGarden does not store sensitive details in plaintext anywhere on its network; sensitive details are stored in our database in encrypted form.
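One way to implement encrypted storage of a sensitive column, as an added example that is not ReportGarden's code and does not describe its actual scheme: the value is encrypted with AES-256-GCM before it is written and authenticated when it is read, so a tampered or swapped ciphertext is rejected rather than decrypted to garbage. Only Ruby's standard OpenSSL binding is used. The key would normally come from an environment variable or a secrets store kept outside the database; here one is generated so the example runs offline. `encrypt_field` and `decrypt_field` are illustrative names, not a Rails API. This pattern is for secrets that must be recovered later, such as integration tokens; user passwords should instead be hashed (for example bcrypt via Rails' `has_secure_password`), never reversibly encrypted.

```ruby
# Added example, not ReportGarden's code: encrypting a sensitive column value
# before it is written to the database and authenticating it on read, with
# AES-256-GCM from Ruby's standard OpenSSL binding. The key would normally
# come from an environment variable or secrets store kept outside the
# database; here one is generated so the example runs offline.
# encrypt_field / decrypt_field are illustrative names, not a Rails API.
require "openssl"
require "securerandom"
require "base64"

ALGO    = "aes-256-gcm"
IV_LEN  = 12   # GCM nonce size
TAG_LEN = 16   # GCM authentication tag size

def generate_field_key
  SecureRandom.random_bytes(32)   # 256-bit key
end

# Returns one text-column-safe string: base64(iv || tag || ciphertext).
# `aad` (additional authenticated data) is not encrypted but is covered by
# the tag, so binding it to table, column and row id stops a ciphertext from
# being copied into another record without failing authentication.
def encrypt_field(key, plaintext, aad:)
  cipher = OpenSSL::Cipher.new(ALGO)
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv              # fresh random nonce per encryption
  cipher.auth_data = aad
  # Cipher#update rejects empty input, so an empty value is handled separately.
  ct = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + ct)
end

# Raises OpenSSL::Cipher::CipherError if the ciphertext, tag or aad were
# altered; a wrong key fails the same way. Plaintext is assumed to be UTF-8.
def decrypt_field(key, stored, aad:)
  blob = Base64.strict_decode64(stored)
  raise ArgumentError, "stored value too short" if blob.bytesize < IV_LEN + TAG_LEN
  iv  = blob.byteslice(0, IV_LEN)
  tag = blob.byteslice(IV_LEN, TAG_LEN)
  ct  = blob.byteslice(IV_LEN + TAG_LEN, blob.bytesize)
  cipher = OpenSSL::Cipher.new(ALGO)
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  out = ct.empty? ? cipher.final : cipher.update(ct) + cipher.final
  out.force_encoding(Encoding::UTF_8)
end

# What an application layer usually wants: nil on any integrity failure
# rather than a partial or forged plaintext.
def decrypt_field_or_nil(key, stored, aad:)
  decrypt_field(key, stored, aad: aad)
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

if __FILE__ == $0
  key     = generate_field_key
  row_aad = "integrations.refresh_token:42"            # table.column:row id
  secret  = "constructed-refresh-token-not-a-real-one"  # constructed sample value
  stored  = encrypt_field(key, secret, aad: row_aad)
  puts "stored:  #{stored}"
  puts "read:    #{decrypt_field(key, stored, aad: row_aad)}"
  other = decrypt_field_or_nil(key, stored, aad: "integrations.refresh_token:43")
  puts "swapped: #{other.inspect}"                       # nil: wrong row's aad
end
```

The GCM tag is what turns "encrypted" into "tamper-evident": flipping a single ciphertext byte, presenting the value under another row's identifier, or using a different key all raise `OpenSSL::Cipher::CipherError` before any plaintext is released. Because the nonce is random per call, encrypting the same secret twice yields two different stored values, which also prevents equality of ciphertexts from revealing equality of secrets.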

Physical and Network Security

ReportGarden runs on Heroku, which in turn runs on Amazon’s AWS platform and infrastructure. More details about the security setup of AWS and Heroku are available from those providers.

CLOUDFLARE

We use Cloudflare in front of the application to absorb the growing volume of traffic and attacks arriving from the internet. Cloudflare is a web performance and security company; its WAF, DDoS protection and SSL services defend website owners and their visitors from a wide range of online threats.

1. CLOUDFLARE WAF

Cloudflare’s enterprise-grade web application firewall (WAF) detects and blocks common application-layer attacks at the network edge, using the OWASP Top 10 ruleset together with application-specific and custom rulesets. Our Cloudflare account itself is protected with two-factor authentication, adding a layer of login security to the account that controls these rules.

2. CLOUDFLARE IPF

Cloudflare’s IP Firewall lets us block or challenge traffic from specific IP addresses, ranges or countries at the edge, before it reaches the application, stopping the most common attacks that arrive over the public internet.

3. CLOUDFLARE RATE LIMITING

Rate Limiting protects critical resources by giving fine-grained control to block or challenge visitors with suspicious request rates.

4. CLOUDFLARE DDoS MITIGATION

DDoS mitigation resists the impact of distributed denial-of-service (DDoS) attacks on internet-facing networks by protecting applications, websites and APIs from malicious traffic targeting the network and application layers, maintaining performance and availability.

Monitoring

Ensuring the availability of the ReportGarden application is just as important as protecting it from malicious requests. We have a dedicated team monitoring the application 24/7. We use both internal and multiple external monitoring services to monitor ReportGarden, and our monitoring system alerts the team by email and phone call on any errors or abnormalities in the request pattern. We take great care in picking the right external tools; the four tools below are woven together to monitor the ReportGarden application around the clock.

SCOUT

ReportGarden uses Scout, a Rails application performance monitoring service that provides performance metrics, a layer of analysis and a generous helping of workflow improvements. These features reduce the effort of identifying the root cause of Rails application performance problems.

ROLLBAR

ReportGarden uses Rollbar, a real-time, full-stack error monitoring and debugging tool, to track errors, measure the impact of our code changes and analyse the application. It integrates with GitHub to link stack traces to the underlying source code, correlate exceptions with code changes and create GitHub issues, allowing us to manage errors within our existing workflow.

INSTRUMENTAL

ReportGarden uses Instrumental to send metrics and build graphs for monitoring servers and services. It provides us with:
1. System and service monitoring
2. Application monitoring

LIBRATO

ReportGarden uses Librato to monitor and understand the metrics that affect the software at every level of the stack.

Vulnerability scanning and audits

Third-party security testing of the Heroku-hosted application is performed by independent, reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk-ranked and assigned to the responsible team.

ReportGarden undergoes penetration tests, vulnerability assessments and source code reviews to assess the security of the application, its architecture and its implementation. Our third-party security assessments cover all areas of our platform, including testing for OWASP Top 10 web application vulnerabilities and customer application isolation. ReportGarden works closely with external security assessors to review the security of the platform and applications and applies best practices. We also run an open bug bounty program that allows security researchers to report vulnerabilities in the ReportGarden application, as long as the vulnerability is discovered without intrusive testing techniques.

Compliance

ReportGarden is committed to complying with the strictest data protection frameworks and laws. The EU General Data Protection Regulation (GDPR) strengthens the rights that individuals have over personal data relating to them and unifies data protection law across the EU; it applies to the personal data of individuals in the EU regardless of where that data is processed.

You can count on ReportGarden’s commitment to GDPR compliance across its products. We are also committed to helping our customers on their own GDPR compliance journey by providing the robust privacy and security protections we have built into our product over the years. As of this writing, ReportGarden is working aggressively to ensure its GDPR compliance. ReportGarden also intends to comply with the EU-US Privacy Shield framework and is working towards that. This document will be updated as these items progress.

Performance

ReportGarden offers 99.99% application uptime and 99.99% API uptime, and rarely has downtime or maintenance windows. To minimise service interruption due to hardware failures, natural disasters or other incidents, ReportGarden backs up data to a different server in a separate, highly redundant availability zone. If a server goes down, we spin up a replacement within an hour.

Indemnity Clauses

ReportGarden ensures that its platform and services do not inadvertently cause its customers to breach intellectual property rights or other laws. Our indemnification terms are governed by our Terms of Service and Privacy Policy, which can be read at the linked pages.

Employee Screening and Policies

As a condition of employment, all ReportGarden employees undergo pre-employment background checks and agree to company policies including security and acceptable use policies.

Disclosure

We work continuously to keep our system secure. If you find a security issue, please report it to privacy@reportgarden.com. We treat security as our highest priority and will make sure the issue is fixed, and this page updated, at the earliest opportunity.