Yes, SphereMail keeps your information secure by continuously monitoring security events and by using time-tested web application security “best practices” in accordance with OWASP security standards.


If you need to report a security vulnerability or have any questions regarding our Security Policy, please e-mail our Chief Information Security Officer (CISO) at support@spheremail.co directly.


Physical Security


All of SphereMail’s online services are hosted by Amazon Web Services (AWS) at a physical Amazon Data Center located in Oregon. Like many well-known major websites, we implement Amazon’s S3 storage security protocols, which maintain compliance with programs such as PCI-DSS, HIPAA/HITECH, FedRAMP, EU Data Protection Directive, and FISMA designed in accordance with AWS CIS Benchmark.


Network Security


All connectivity to our authentication service is done through an encrypted Transport Layer Security (TLS) connection. Following best practice recommendations from the National Institute of Standards and Technology (NIST), SSL and TLS protocol versions that have been proven to be insecure are disabled and are not allowed to connect to our SphereMail servers.


We are running the latest Operating System distributions and installing security patches as they become available. Since a hacker cannot hack into something that is not there, we are continuously monitoring and rejecting incoming connections of unnecessary package transmissions.


On top of AWS security policies, each virtual machine is “hardened” by configuring its own firewall with only the minimum number of incoming and outgoing ports open.


SphereMail continuously audits and monitors all successful access requests and attempted unsuccessful access requests to the virtual machines that provide the SphereMail service.


All customer data is encrypted on the storage disks using the industry-standard AES-256 encryption algorithm. To understand which customer data we retain and how it is handled, please refer to SphereMail's privacy policy.


Internally, only the strict minimum number of SphereMail employees have Secure Shell (SSH) access to the SphereMail network infrastructure.


Credit Card Safety


When you refill an Organization credit, we do not store any of your credit card information on our servers. It is handed off to our partner payment processor companies, who are dedicated to storing your sensitive data on PCI-Compliant servers.