Doorkeeper Security Overview
We protect your data
All data is written to multiple locations and is backed up on a daily basis. Files that you upload are stored using Amazon S3, which stores them redundantly.
All passwords are filtered from all our logs and are one-way hashed in the database using salted SHA-512. Login credentials are always sent over SSL.
Hosting Provider Security
Doorkeeper is hosted on Amazon Web Services (AWS), which has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergoes annual SOC 1 audits and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems. For more details, see AWS Security Center.
Secure Credit Card Processing
We use Stripe to process credit cards. Stripe is designed in such a way that we never receive any of your sensitive credit card information, such as the number itself or the CVC. Rather, we only have access to less sensitive information, like the brand of the card, last four digits of the number, and the expiry date, along with an identifier that allows us to bill a given credit card in Stripe's database. This means that even if a hacker were to gain access to Doorkeeper's database, they still wouldn't be able to make fraudulent charges to your credit card.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. For more details on Stripe's security, see their Security page.
Up-to-date infrastructure
We keep our servers up to date with the latest security patches.
Doorkeeper employees do not normally have access to private data, and will only be granted access when necessary for support reasons.
Need to report an issue?
If you've discovered a security concern, please email us at firstname.lastname@example.org.