This FAQ describes how and where Cobot is hosted and our security measures. Last edited March 19, 2019.
Cobot is hosted on Amazon Web Services (AWS) and Heroku, in the Ireland/EU region. We run some of our apps on EC2 instances ourselves, others run on Heroku dynos.
By default, AWS puts our servers behind a firewall, so only the necessary ports/services are reachable from the Internet.
Our providers are PCI compliant and/or ISO 27001 certified. We do not receive, store or process payment information ourselves, and we maintain a high level of security around this. Our process for getting payment information to our partners is PCI-DSS SAQ A compliant.
We do not process or store any credit card data. When users enter credit card information on Cobot, it is sent directly to the payment processors we work with (such as Stripe).
We publish our online availability at status.cobot.me. Most months we're at 100%.
We do hourly backups of our main databases with a retention time of 48 hours, and daily backups with a retention time of 32 days. Other databases are backed up daily. Backups are monitored by a third-party service, and we regularly test them by doing test restores.
All backups are stored on AWS S3.