Keeping your data secure and available is essential to us. We apply state-of-the-art technologies and strict security policies to provide a platform you can trust.
With Amazon Web Services (AWS), we utilize the world's most extensive, reliable, and secure cloud infrastructure.
The data centers are monitored by 24/7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.
All data flowing between you and our servers is encrypted in transit using TLS 1.2. Nobody can eavesdrop on the connection.
Data is also encrypted at-rest using 256-bit AES encryption. This means it's protected from unauthorized access at all times.
We enforce strong passwords for everyone logging into Back. Sorry, password123 won't work; you need to get a bit more creative.
If your company prefers to use an identity provider like Google or Okta to control user access, we have you covered as well.
We have a role-based system to access production data. Access is exclusively granted to a few employees who need it to perform their daily operations.
Connection to the infrastructure requires multiple authentication levels: an individual SSH key with a passphrase and valid AWS IAM credentials. Each engineer has a unique login to the database. We log every access to the database as well as every executed query. That means if something still went wrong with all these measures in place, we will know which data has been accessed or modified.
And finally, we only hire kind and honest employees who made it through an extensive screening and interview process.
Our employees use company-owned computers with hard-drive encryption enabled.
Everyone is required to use a password manager, which our company monitors. Only unique and strong passwords are allowed. We also enforce two-factor authentication whenever possible.
No unauthorized person has access to our office in Berlin. We have documented key management, our office is securely locked, and we have video surveillance in place.
We're working hard to keep our code safe, too. Without exception, every line of code going on production goes through a required and documented code review by one or more engineers.
Before the deployment, we run hundreds of automated tests to ensure the stability of the latest version and static code analysis to catch potential mistakes. An automated service is frequently running to check our code dependencies and make sure we keep them up to date.
The data is stored in Frankfurt, Germany, in a highly secure Amazon Web Services data center.
We're doing a snapshot of the database every four hours. Snapshots are replicated across multi-zones.
Back works with all modern browsers (Chrome, Firefox, Safari, and Edge) without additional plugins.
We welcome feedback regarding security vulnerabilities from Back users and security researchers. If you believe you found one, please read our Security Vulnerability Disclosure Policy and report it at email@example.com.