RollKall Security Practices
At RollKall we take the security of our infrastructure seriously, and we strive to implement industry-wide best practices in order to safeguard our users’ sensitive information.
The following are just some of the measures we deploy to ensure the protection of our data:
- The RollKall websites and APIs all require a secure connection using the latest SSL/TLS encryption protocols (TLS 1.2). No information is ever transmitted without an encrypted connection.
- User passwords are all hashed and salted using BCrypt, a modern adaptive password hashing function that meets modern security standards.
- RollKall does not store sensitive personal identification data, like social security numbers and payment information.
- Phone numbers, email addresses, and contact information are not shared until Officers apply or are assigned to jobs.
- RollKall’s application infrastructure is hosted on the cloud using best practices to ensure secure access for resource management and to the database servers.
- The application has been reviewed for protection against common hacking attacks such as SQL injection or cross-site scripting.
- The application frameworks and code dependencies are periodically reviewed and updated to ensure that any discovered vulnerabilities or bugs are patched.
As we continue developing and introducing new features, RollKall engineering will continue to evaluate our security exposure and make sure that we meet the industry’s required security standards (e.g., PCI).
RKPay Security Practices
When selecting a payment partner, RollKall evaluated multiple providers with security as one of the key factors in our decision-making process. After careful review, we decided to partner with Stripe, one of the largest and most secure payment platforms in the industry.
We were impressed by Stripe’s commitment to ensuring that our officers’, clients’, coordinators’, and departments’ payment information is secure. Stripe is a PCI Service Provider Level 1, which is the most stringent security level in the payments industry.
Below are just a few highlights of their security protocols:
- Forced HTTPS using TLS
- Regular audits
- Payment information is encrypted with AES-256.
- PGP keys are used to encrypt all communication with Stripe.
- Vulnerability disclosure and reward program.