We use the following security measures.
Network and data communication
Remote access requires VPN connection and two factor authentication.
Antivirus, malware protection and path management
Automated vulnerability scans are conducted regularly in order to detect web application vulnerabilities.
Backup and restore
Website Builder's static resources (images, files, scripts,) are automatically backed up on a daily basis via AWS AMI. In addition, data is replicated to another AWS data center.
Monitoring and alerts
We use several automated monitoring tools meant to detect abnormalities and misuse.
All data communication networks with external access are protected by a central firewall. Networks are separated for functionality and usage.
Networks, firewall, SSL certificates and virtual private network (VPN) is used when accessing critical systems.
All TCP outbound communication is SSL encrypted
Website Builder's servers are equipped with malware protection and intrusion detection systems.
Central patch management is conducted on a regular basis by AWS for security related updates to ensure known security issues cannot be used to gain unauthorized access to systems and data.
Website Builder uses AWS automated backup features that allow Website Builder to restore the database state and data to any point in time in the past 14 days. In addition Website Builder performs periodic database snapshots via RDS API.
Website Builder will not provide user account related information unless proper verification of the identity of the account owner is established.
Delete and destroy
Customer data will only be stored for as long as Website Builder and the partner or customer has an active agreement, and as long as it serves the purposes for which the data was collected. Upon expiration of an agreement with a customer, unless there is a legal or contractual obligation to maintain data for a long period of time, the customer's data will be deleted or at least personal data will be removed.
Access to Website Builder's systems and application is granted based on the "need to know" principle. Admin access requires the use of multi-factor authentication and passwords according to Website Builder's password policy.
Passwords policy is enforced for any user on the platform (account owners, team members, customers). The password is fully encrypted / hashed.
Website Builder's activities are based on cloud computing services provided by AWS.