All communications within Aurelius use end-to-end Transport Layer Security (TLS) cryptographic protocols. All data is encrypted and protected all the way from your browser, to our servers, to our databases and back again. This encryption protocol is used to safeguard your sensitive personal information, including your credit card number during online transactions. No communications are ever sent in plain text. Additionally, we serve all our apps over HTTP/2.
We use Stripe, a PCI-compliant payment processor, for encrypting and processing credit card payments, and all transactions are completed in a PCI-compliant manner. Aurelius never stores your payment information, and all information is sent to Stripe using TLS encryption.
Aurelius is protected from DDoS attacks using mitigation techniques including TCP SYN cookies and connection rate limiting. This prevents attacks from threatening service performance or shutting down our websites entirely, even for a short time.
Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked. This prevents attackers from identifying network services running on our host.
Aurelius frequently runs internal penetration tests against its servers to evaluate the security of the system. These tests are performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data. Rest assured that your data is safe.
Our secure data centers utilize Amazon Web Services (AWS), Google Cloud and Microsoft Azure technology and have automatic failover from one provider to the next. For example, if AWS goes down, our application will remain running on one of the other providers. Amazon, Google and Microsoft continually manage risk and undergo recurring assessments to ensure compliance with industry standards. Amazon, Google and Microsoft's data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
All application data is backed up daily and can be restored in the event of a disaster. You can rest assured that even a natural disaster will not compromise the data you put into Aurelius.
To prevent unauthorized account access, we enforce strong user passwords and use a strong password encryption algorithm which prevents reverse engineering and attacks. In addition, all personal user account information is further encrypted during transmission and authenticated via JSON Web Tokens (JWTs). JWTs are an open, industry-standard (RFC 7519) method for representing claims securely between two parties utilizing a symmetric encryption algorithm. Users should not divulge their passwords to anyone. Aurelius will never ask you for your password in any phone call or unsolicited e-mail.
When entering information into Aurelius or contacting Aurelius through any method of communication (phone call, email, web form, etc.), you must determine whether the method of communication is adequately secure for your purposes prior to providing any PII or other confidential information. Any PII or confidential information sent by the user is sent at the user's own risk.