Keeping customer data safe is a top priority for the Pathmind team and we have a number of systems in place to ensure user information stays protected.
Physical Data Centers
Pathmind uses Amazon Web Services (AWS) for data management and cloud computing. AWS is trusted by organizations that need to keep sensitive information safe and is monitored by world-class security experts.
Access and Security
AWS data centers are built in carefully-selected locations after environmental and geographic assessment to minimize potential security issues or data interruptions caused by natural events. These data centers are monitored by video surveillance and professional security staff that use detection systems and other cutting-edge security technologies. Electronic intrusion detection systems are also installed within data layers. Data center access is regularly reviewed by the AWS security team.
Amazon employee access is limited to those with legitimate business needs and is given on a restricted, time-sensitive basis. Access is automatically revoked when an employee’s record is removed from the Amazon HR system, or when the approved access period has expired even if the individual remains an Amazon employee.
Third-party individuals must also provide legitimate business needs and be approved by AWS employees. They are restricted to areas specific to their needs and are accompanied by AWS staff during their visit. AWS monitors and logs visitation records.
For more information on security at AWS data centers, visit https://aws.amazon.com/compliance/data-center/controls/.
AWS data center operations are compliant with a number of leading security standards, including:
- ISO 9001, 27001, 27017, and 27018
- SOC 1, 2, and 3
- PCI DSS Level 1
For a full list of certifications under AWS compliance programs, visit https://aws.amazon.com/compliance/programs/.
Content created in projects using the Pathmind web application is stored using Amazon S3 and Amazon RDS and is protected by AWS security. Projects are run in the Pathmind web application in individual environments and do not interact with one another. This isolation helps keep uploaded files and other data safe from security issues.
Pathmind maintains a database of user information that includes items such as username and email address. Some metadata about projects and experiment runs is also saved to help address customer support issues. Pathmind employees do not interact with user data as part of day-to-day operations, but may do so if directed by a customer or as required by law.
Firewalls and Data Encryption
Pathmind uses firewalls to ensure user data is protected from cybersecurity threats. These firewalls restrict access from outside parties. Systems are assigned to firewall security groups based on function. Data is encrypted using industry standards when “at rest” and in transit between user machines and the Pathmind web application.
System Configuration and Engineering
Pathmind’s system stability and safety is maintained by updating test environments with configuration and security changes before deployment into production versions. Access to the system is limited to relevant employees and contractors. All code changes are reviewed for security weaknesses before deployment into production.
Credit card payments to Pathmind are processed using Stripe, a third-party payment processor. Stripe is certified to PCI Service Provider Level 1 and uses data encryption with AES-256 and other security features to protect customer information.
For more information abour Stripe security, visit https://stripe.com/docs/security/stripe.
If you have a security question or concern, please contact [email protected].