PacerPro is a SaaS (Software as a Service) that provides document search and storage for information retrieved from the PACER (pacer.gov) system. We integrate a variety of software and service providers together. As such, our security policy is an amalgam of both our own policy and procedures and those of our upstream vendors.
Our application servers are hosted by Heroku, a PaaS (Platform as a Service) provider. They provide physical facility, servers, data storage, and networking for us. Their security policy may be accessed on the Internet.
Customers are permitted to view only their own data and no one else's. Site administrators may look at customer data for diagnostic purposes only. Access is controlled via password authentication. Administrative access is limited to designated individuals.
Encrypt Sensitive Data at Rest
All sensitive customer data, e.g. passwords, PACER credentials, and banking information, are encrypted and/or tokenized using industry-standard encryption.
Encrypt Data in Transit
Our applications communicate over HTTPS (SSL/TLS) at all times, so that sensitive data is protected in transit to and from customers.
We capture logs from our servers using the logentries service. Sensitive data are redacted automatically before storage. Old logs are purged automatically after 30 days.
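As an added illustration of redacting sensitive values before a log line reaches storage (example code written for this page, not PacerPro's or Logentries' own implementation; the field names, number format, logger name and sample lines are constructed assumptions), the following Python filter rewrites password-like fields and long account numbers on every log record before any handler sees it:

```python
import logging
import re

# Patterns for the kinds of values the policy names as sensitive.
# These field names and formats are constructed assumptions for this example.
SENSITIVE_PATTERNS = [
    # "password=...", "pacer_password: ...", "secret=...", "token: ..." (case-insensitive)
    (re.compile(r"(?i)\b(\w*(?:password|passwd|secret|token))(\s*[=:]\s*)(\S+)"),
     r"\1\2[REDACTED]"),
    # 13 to 19 digit card/account numbers, digits optionally separated by spaces or dashes
    (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), "[REDACTED-NUMBER]"),
]


def redact(text: str) -> str:
    """Return text with every sensitive match replaced by a placeholder."""
    for pattern, replacement in SENSITIVE_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactingFilter(logging.Filter):
    """Logger-level filter: rewrites the record before any handler stores it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message once, redact it, and drop the args so it is not re-formatted.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


class ListHandler(logging.Handler):
    """Stand-in for a remote log store: keeps formatted lines in memory."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def store_with_redaction(messages: list[str]) -> list[str]:
    """Log each message through a redacting logger and return what the store received."""
    logger = logging.getLogger("pacerpro.redaction.example")  # hypothetical logger name
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.filters.clear()
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    for message in messages:
        logger.info(message)
    return handler.lines


# Constructed sample log lines; none of these values are real.
SAMPLE_LINES = [
    "login ok user=alice password=hunter2",
    "pacer sync user=alice pacer_password: s3cret! took 1200ms",
    "billing update card 4111 1111 1111 1111 exp 12/30",
    "request id 12345 served in 42ms",
]

if __name__ == "__main__":
    for line in store_with_redaction(SAMPLE_LINES):
        print(line)
```

Attaching the filter to the logger rather than to a handler matters: a logger-level filter runs before the record is handed to any handler, so a handler added later (a new log shipper, a local file) cannot receive the unredacted text. The short numeric values in the sample ("12345", "42ms", "12/30") pass through untouched, which is the behaviour to verify whenever a pattern is widened.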
We test our application thoroughly and continuously before each release. These tests are automated, so every code change runs the entire test suite. We include security tests in our code to prevent policy violations, and we will not release anything into production until all tests pass. In addition to testing, we run our code through a series of "static analysis" tools at Code Climate; these scan for security issues, which we address as they are detected. Finally, we run a dynamic security scan using the (poorly named) Tin Foil Security service to identify any "well-known" security vulnerabilities.
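The access rule stated earlier (customers see only their own data; designated administrators may view it for diagnostics) and the practice of release-blocking security tests can be shown together in code. The following Python example is added for this page and is not PacerPro's code; the document store, user model, sample data and check names are hypothetical. It keeps the access decision in one place and runs a set of policy checks of the kind a CI job would fail the build on, including a deliberately broken store variant to show that the checks catch a regression:

```python
from dataclasses import dataclass
from typing import Callable, Optional


class Unauthorized(Exception):
    """No authenticated user."""


class NotFound(Exception):
    """Document missing, or not visible to this requester (the two are indistinguishable)."""


@dataclass(frozen=True)
class User:
    id: str
    is_admin: bool = False  # designated administrators only


@dataclass(frozen=True)
class Document:
    id: str
    owner_id: str
    body: str


class DocumentStore:
    """In-memory stand-in for the customer document store (hypothetical)."""

    def __init__(self) -> None:
        self._docs: dict[str, Document] = {}

    def add(self, doc: Document) -> None:
        self._docs[doc.id] = doc

    def get(self, requester: Optional[User], doc_id: str) -> Document:
        if requester is None:
            raise Unauthorized("authentication required")
        doc = self._docs.get(doc_id)
        # A non-owner gets the same answer as for a missing id, so customers
        # cannot learn which ids belong to other customers.
        if doc is None or not (requester.is_admin or doc.owner_id == requester.id):
            raise NotFound(doc_id)
        return doc

    def list_for(self, requester: Optional[User]) -> list[Document]:
        if requester is None:
            raise Unauthorized("authentication required")
        return [d for d in self._docs.values()
                if requester.is_admin or d.owner_id == requester.id]


class LeakyStore(DocumentStore):
    """Deliberately broken variant (example only): the ownership check is missing."""

    def get(self, requester: Optional[User], doc_id: str) -> Document:
        if requester is None:
            raise Unauthorized("authentication required")
        doc = self._docs.get(doc_id)
        if doc is None:
            raise NotFound(doc_id)
        return doc


def build_sample_store(store_cls: type = DocumentStore) -> DocumentStore:
    """Constructed sample data; the users and documents are not real."""
    store = store_cls()
    store.add(Document("doc-a1", "alice", "Alice's filing"))
    store.add(Document("doc-b1", "bob", "Bob's filing"))
    return store


ALICE = User("alice")
BOB = User("bob")
ADMIN = User("site-admin", is_admin=True)


def _raises(exc_type: type, fn: Callable[[], object]) -> bool:
    try:
        fn()
    except exc_type:
        return True
    except Exception:
        return False
    return False


def policy_violations(store: DocumentStore) -> list[str]:
    """Run the access-policy checks; returns the names of the checks that fail."""
    checks = {
        "owner can read own document":
            lambda: store.get(ALICE, "doc-a1").owner_id == "alice",
        "customer cannot read another customer's document":
            lambda: _raises(NotFound, lambda: store.get(ALICE, "doc-b1")),
        "missing and foreign documents are indistinguishable":
            lambda: _raises(NotFound, lambda: store.get(ALICE, "doc-zz")),
        "anonymous requests are rejected":
            lambda: _raises(Unauthorized, lambda: store.get(None, "doc-a1")),
        "admin may read any document for diagnostics":
            lambda: store.get(ADMIN, "doc-b1").owner_id == "bob",
        "listing shows only the caller's own documents":
            lambda: [d.id for d in store.list_for(BOB)] == ["doc-b1"],
    }

    def passes(check: Callable[[], object]) -> bool:
        try:
            return bool(check())
        except Exception:
            return False  # an unexpected exception is a failed check, not a crash

    return [name for name, check in checks.items() if not passes(check)]


if __name__ == "__main__":
    for label, store in (("correct", build_sample_store()), ("leaky", build_sample_store(LeakyStore))):
        failures = policy_violations(store)
        print(label + ": " + (", ".join(failures) if failures else "all policy checks pass"))
```

Two design points carry over to a real application: the ownership test lives inside the store's read path rather than in each caller, so there is no second code path to forget it, and a foreign document is reported exactly like a missing one, which keeps the error message from revealing other customers' identifiers.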
Sendgrid handles our inbound and outbound email. Their security policy is published by Sendgrid.