Security

Updated October 1, 2021

I recognise the importance of excellent security practices. This document aims to clarify how your data is protected.

General security practices

  • Access to servers, source code, and third-party tools are secured with two-factor authentication whenever possible.
  • I use strong, unique, and randomly-generated passwords.
  • Automated security vulnerability detection tools alert me when app dependencies have known security issues. Patches are applied and deployed promptly.
  • Production data never leaves the secure host. I.e. never copied to external devices such as laptops.

Encryption

Heroku manages SSL and uses their Automated Certificate Management service. Heroku Postgres is the database store. You can find further information on Heroku's database implementation and security here.

What kind of data we collect

When you sign up to Paced Email, we collect the minimum necessary information to get your account set up:

  • Username
  • Email
  • Password

Payment information

Premium account upgrades are handled securely by our third-party payment processor, Stripe. Paced Email does not store sensitive payment details.

Who we share information with

No one. Your personal information and email routed through Paced Email via Mailgun are not sold, read, or shared with third-parties. I'm not in the business of selling your data.

Information about how users are interacting with the app is collected using Google Analytics to help improve the product and provide faster, more effective support when issues arise.

See the Privacy Policy for further information.

How do I report a potential vulnerability or security concern?

Please email support@paced.email if you have any concerns.

Further questions?

Great! Please contact me, and I'll happily update this doc.