Data Centre Access
Skeddly uses only AWS infrastructure. There are no data centres used. As such, physical access to Skeddly infrastructure (even by Skeddly personnel) is not possible.
Raw Database Data
Skeddly uses an RDS database to store account information. This includes information such as:
- Usernames and email addresses
- Account settings
- Cloud account credentials (AES256 encrypted before being stored)
- Action data
- Accounting data
Only the company president has access to the data in the RDS databases.
User passwords are one-way salted and hashed before being stored. There is no way to recover and/or otherwise reverse-engineer passwords.
Action Execution Logs
Support personnel have access to action execution logs for support purposes only.
Engineers have access to action execution logs for technical debugging purposes only.
Cloud Account Access
Access to your AWS, Azure, or GCP account only happens by:
- Action executor services, as requested by your configured actions.
- Web front-end, as requested by the signed-in user.
In the event that access to your cloud account is required outside of the above (usually for debugging purposes), explicit permission will be requested first.
Since this would be outside normal behaviour, all such access is performed only by the company president.
All access would be logged by CloudTrail (if accessing your AWS account).
Credit Card Information
All credit card information is stored within Stripe.
Once you submit your credit card information on the forms, that information is sent directly from your web browser to Stripe via HTTPS, it doesn't ever touch Skeddly servers. Credit card information is never stored within the Skeddly infrastructure.
The only information viewable is:
- Credit card type (Visa, Mastercard, etc.)
- Last 4 digits of the card number
- Expiration date
Only the company president has access to the Stripe accounts.
Only the company president has access to the PayPal account.
All Third-Party Services
Whenever supported by the service, access to any third-party service used by Skeddly requires use of two-factor authentication (2FA, MFA). This includes the use of:
- Hardware devices
- Google Authenticator
- SMS messaging
Only the company president has access to these devices.