Yes. SphereMail keeps your information secure by continuously monitoring security events and by using time-tested web application security “best practices” in accordance with OWASP security standards.
If you need to report a security vulnerability or have any questions regarding our Security Policy, please e-mail our Chief Information Security Officer (CISO) at [email protected] directly.
Physical Security
All of SphereMail’s online services are hosted by Amazon Web Services (AWS) at a physical Amazon
Data Center located in Oregon. Like many well-known major websites, we implement Amazon’s S3 storage
security protocols, which maintain compliance with programs such as PCI-DSS, HIPAA/HITECH,
FedRAMP, EU Data Protection Directive, and FISMA, designed in accordance with AWS CIS Benchmark.
Network Security
All connectivity to our authentication service is done through an encrypted Transport Layer Security (TLS)
connection. Following best practice recommendations from the National Institute of Standards and Technology
(NIST), SSL and TLS protocol versions that have been proven to be insecure are disabled, and connections
using them are not allowed to our SphereMail servers.
We are running the latest Operating System distributions and installing security patches as they become
available. Since a hacker cannot hack into something that is not there, we are continuously monitoring and
rejecting incoming connections of unnecessary package transmissions.
On top of AWS security policies, each virtual machine is “hardened” by configuring its own firewall with only
the minimum number of incoming and outgoing ports open.
SphereMail continuously audits and monitors all successful access requests and attempted unsuccessful access
requests to the virtual machines that provide the SphereMail service.
All customer data is encrypted on the storage disks using the industry-standard AES-256 encryption algorithm.
To understand which customer data we retain and how it is handled, please refer to SphereMail's privacy policy.
Internally, only the strict minimum number of SphereMail employees have Secure Shell (SSH) access to the
SphereMail network infrastructure.
Credit Card Safety
When you refill an Organization credit, we do not store any of your credit card information on our servers. It is
handed off to our partner payment processor companies who are dedicated to storing your sensitive data on
PCI-Compliant servers.