Security Policies

Last updated: December 12, 2020

Ensuring our customer data is secure and protected is a top priority at HiThrive, which is why we've taken extensive measures to bolster our security for our platform and tools the team at HiThrive use. HiThrive is hosted on Heroku and benefits from their world-class security. Our team takes additional proactive measures to ensure a secure infrastructure environment.


Application Authorization

When you install HiThrive using a third-party (Slack, Microsoft Teams, etc), we only request the minimal permissions required for HiThrive to function properly. We don't have access to your conversations, private or public messages or files. The data we sync from third-parties is limited to:


Infrastructure

HiThrive is hosted entirely on Heroku. Our databases are only accessible by the services that require access and by users with revocable credentials. Credentials are rotated regularly and stored outside of our code.


Authentication

HiThrive leverages Slack’s OAuth for signing into our website, making HiThrive as secure as Slack. Our website and servers use HTTPS over SSL (TLS 1.3) to protect your data. HiThrive is being used by Fortune 500, FinTech, and cloud-security companies, among others.


Availability

Our services are distributed across multiple physical data centers in the United States, enabling us to provide redundancy and failover protection.


Data Centers

Our application is hosted on Heroku, which is hosted and managed within Amazon Web Services data centers. These data centers are accredited:


Internal Tools

HiThrive employees are required to follow stringent security practices such as:


Vulnerabilities

We regularly audit our codebase, third-party libraries and frameworks to ensure they're up-to-date and patched whenever a vulnerability is detected.


Encryption

Our data is encrypted at-rest and in-transit. Only HiThrive employees and services with proper credentials have access to data. Our web-based apps, APIs and services are only accessible over TLS, ensuring connections internally and externally are encrypted.


PCI Compliance

All payments and stored payment methods are processed by Stripe, our payment processing partner. HiThrive does not have access to credit or debit card details once saved, other than Name, Billing Postal Code, Brand and Last 4.


Privacy Policy

Here is our Privacy Policy.


If you have any questions or concerns about security, please email security@hithrive.com.