Security & compliance

Platform Security

Infrastructure

Physical Access

All of our services run in the Amazon Web Services (AWS) cloud. Mass Dynamics does not run its own DNS servers, routers, load balancers, or physical servers.
AWS data centre certifications include ISO 27001, PCI/DSS Service Provider Level 1, and SOC II compliance. See the exhaustive list here.

Application Security

Review

All code is overseen by a senior engineer before being deployed to production systems.

Development and QA Environments

Development environments are logically separated from the production environment. Mass Dynamics members do not have access to non-production environments. Development environments are strictly controlled to maintain the security of software and data.

Automated Testing and Build Processes

We have an extensive set of automated testing procedures that are run for every code change.

Software Dependencies

Mass Dynamics uses automated tools to scan for known vulnerabilities and regularly updates dependencies to ensure the latest security patches are applied.

User Logins

We protect against brute force attacks with rate limiting technology. All sensitive data such as passwords and API tokens are filtered out of logs and exception trackers. All user passwords are protected using battle-tested algorithms (hashed with bcrypt and a salt) before being stored in the database.

Data Encryption

Data/Encryption in Transit

Communications between customers and Mass Dynamics’ servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.

All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices.

Data/Encryption at Rest

Service Data is encrypted at rest in AWS using AES-256 encryption. All user passwords are protected using battle-tested algorithms (hashed with bcrypt and a salt) before being stored in the database.

Policies and Control

Employee Access to Data

Access to the Mass Dynamics production network is restricted on an explicit need-to-know basis, follows least privilege, and is audited and monitored.

Non-Disclosure/Confidentiality, Privacy and Intellectual Property (IP)

Privacy

Mass Dynamics (MD) is dedicated to protecting your personal information and will make every reasonable effort to handle collected information appropriately. All information collected will be handled with care in accordance with MD's standards for integrity and objectivity and respect for your privacy. MD endeavours to comply with all laws and regulations that apply to the gathering and use of personal information. While we have provided plain English points here, please refer to our full Privacy Policy here and check out our Shared Responsibility Model.

Non-Disclosure / Confidentiality

If Mass Dynamics or the user comes across Confidential Information, both agree to keep it confidential.

Intellectual Property

Members retain ownership rights to their data and content provided to Mass Dynamics (including any experimental insights generated). Mass Dynamics can use and access your data for the purposes of helping you transform your data into knowledge. We always seek consent from you prior to helping you.

Mass Dynamics allows members to use the service and we continue to own the service. If you provide feedback on our service and we deliver new features based on your idea, the Intellectual Property is with Mass Dynamics.

While we have provided plain English points here, please refer to our full terms here.

Documentation and Change Control

We manage all our infrastructure as code, allowing us to audit and peer review any changes, and to provide a secure and automated process for applying these changes.

Our Shared Responsibility Model