Ensuring our users not only have easier access to their data but that it is always secure and in their control is at the core of Count’s design. We pride ourselves on having world-leading technology and this includes the security measures we put into Count and the procedures which describe how we work as a team.
We’ve outlined a number of different ways we keep Count secure below. This list is constantly improving and we are always happy to answer more specific questions. Just drop us a line at firstname.lastname@example.org and we’ll get right back to you.
Security and privacy measures and procedures
User privacy, integrity, and authentication
- HTTPS & SSL/TLS – Count requires all user communication to go through HTTPS (Hypertext Transfer Protocol Secure) over TLS. This ensures privacy, integrity, and authentication for all traffic to and from our website. We additionally employ HSTS (HTTP Strict Transport Security) to protect against potential downgrade attacks.
- Cross-site request forgery tokens – We verify CSRF tokens at every point to make sure your data can’t be tampered with by malicious 3rd parties.
- No passwords – We require users to authenticate using magic links or Google Auth. This means we never store their passwords and organizations can safely control their employees' access to Count. It also allows organizations to use and control two-factor authentication by default.
Storage and servers
- EU servers – All of Count’s servers are based in the EU, hosted on Google Cloud Platform. Access to our servers is protected by two-factor authentication and is granted only to a select number of Count employees.
- Encrypted at rest – Your data and our databases are automatically encrypted at rest, cloaking your data in another layer of protection.
- Firewall – Our servers are closed to all connections except those explicitly allowed by us.
- Rate limiting – We limit the number of requests we accept from a single user to guarantee uptime for our customers and to prevent DoS (denial of service) attacks.
- Automated security checks on build – We have automated safeguards in place to check our code for potential issues before anything goes live.
- Penetration testing – We regularly run penetration tests on our systems so we know there are no open doors through which a malicious 3rd party could gain access.
- Code reviews and standards – We draw on both internal and external industry experience to ensure our code is readable, maintainable, and free from security vulnerabilities. No developer can approve their own work before it is deployed.
- GDPR – We offer organizations a data protection agreement (DPA) so they can be GDPR compliant with Count as a data processor for them.
- Strict employee confidentiality – All our employees are required to sign an extremely strict confidentiality agreement before they are allowed any interaction with customer information.
- Customer data – Only a very small number of Count employees are allowed access to customer data, and only to help customers who have requested support.