The measures I take to protect your data
Fri Sep 01 2023At Arsawatt Software Inc., we are staunch believers in the old-fashioned business model that revolves around providing a quality service that you pay us for, with no strings attached. Our commitment to maintaining your privacy and security goes far beyond simply fulfilling the functions of a personal finance management app; it is engrained in the foundations of every policy and decision we make.
First and foremost, your data is your own. We don't believe in making profits from selling our user's data, either individually or in aggregate. We understand the value of your financial information and highly respect your trust in us, vowing to protect it at all costs.
In relation to subprocessors, let’s talk about security. A subprocessor is a third-party data processor engaged by Arsawatt Software Inc., who has been given the appropriate contractual authorizations, to have access to or potentially process any data or personal information. We keep our subprocessor selection to a minimum and only engage with those who align with our stringent data protection measures.
Our subprocessors consist of Heroku, Render, Google Cloud and Stripe.
Heroku is a cloud application platform with a strong, experienced team dealing with security. It enables us to build, run, and operate the Arsawatt Software Inc. app entirely in the cloud. Heroku’s security team is constantly working on measures to ensure data integrity and information security.
Render stores and delivers the front-end of the application. Here you can find information about their handling of security and trust.
Google Cloud, our chosen identity platform, keeps user data secure with preventive, detective, and reactive safeguards such as anomaly detection and multi-factor authentication. This independent platform significantly reduces the risk of unauthorized accesses.
Stripe, our selected platform for payment processing, is renowned for its rigorous security protocols. They handle billions in transactions annually, which is a testament to their widely recognized and trusted services. Stripe is certified to Payment Card Industry Data Security Standards (PCI DSS) and ensures strict adherence to these protocols for all transactions. This ensures the highest level of security for cardholder data. This level of certification is a critical yardstick for service providers to measure their security infrastructures and is mandatory for any company that handles card payments. Additionally, Stripe uses secure encryption methods. It employs Transport Layer Security (TLS), which ensures the privacy of communication between your web browser and Stripe's servers, allowing no room for data interception during transactions. Stripe also takes protective measures like two-factor authentication and collaboration with credit card networks to continuously monitor for suspicious activities, thereby further securing your transactions.
Additionally, all communication is encrypted end-to-end through HTTPS, ensuring that all exchanges remain confidential and secure against any breach attempts.
It is important to acknowledge, however, that no security system is impregnable. Given enough resources and time, any sufficiently funded effort can breach even the most fortified defenses. But we strive to be vigilant, continually improving and fortifying our security measures.