RollKall Security Practices

At RollKall we take the security of our infrastructure seriously and we strive to implement industry wide best practices in order to safeguard our user’s sensitive information.

The following are just some of the ways that we deploy to ensure the protection of our data:

• The RollKall websites and APIs all require a secure connection using the SSL/TLS latest encryption protocols (TLS 1.2). No information is ever transmitted without an encrypted connection.
• User passwords are all hashed and salted using BCrypt, a modern adaptive password hashing function that meets modern security standards.
• RollKall does not store sensitive personal identification data, like social security numbers and payment information.
• Phone numbers, email addresses, and contact information is not shared until Officers apply or are assigned to jobs.
• RollKall’s application infrastructure is hosted on the cloud using best practices to ensure secure access for resource management and to the database servers.
• The application has been reviewed for protection against common hacking attacks such as SQL injection or cross-site scripting.
• The application frameworks and code dependencies are periodically reviewed and updated to ensure that any discovered vulnerabilities or bugs are patched.

As we continue developing and introducing new features, RollKall engineering will continue to evaluate our security exposure and make sure that we meet the industry’s required security standards (e.g. PCI, etc).