SECURITY OVERVIEW


We take security very seriously here at Casting Crane. We know our customers trust us with their important data, and we use industry best practices to keep it secure.


Continuous Data Backup

Everything stored on Casting Crane is backed up daily. We have tested our recovery procedures, and in the event of a data-loss we are able to restore from backup within an hour.

We can also allow you to export your Casting Crane data to CSV format, for additional peace of mind.


Encryption In Transit and At Rest

When using Casting Crane, all of your data is sent via HTTPS. Our database and all backups are encrypted.


Availability

We strive to make Casting Crane a highly-available service that our customers can rely on. Casting Crane runs on infrastructure that has fault-tolerance and redundancy built in. If incidents do arise, we keep our customers informed and work hard to resolve them as quickly as possible.


Hosting and Service Providers

We consider security as primary criteria when choosing service providers.


Billing

Our credit card processor, Stripe, has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.


Authentication

For accounts, we store your password using the industry recommended hash function (bcrypt).


Access to Customer Data and Audit Policies

We have strict policies in place regarding Casting Crane employee access to data you store on Casting Crane. From time to time, certain employees may need to access customer data in order to diagnose and resolve issues. Whenever practical, we notify the customer and obtain written consent before doing so. We have granular audit logs in place to ensure that any access to customer data is logged.


Application Security Process

All new product features and internal processes are peer-reviewed and evaluated for their security impact before they are released to production. We strive to continuously monitor and improve our security practices in response to industry changes and customer feedback.


Bug Bounty Disclosure Program

The software security research community makes the web a better, safer place. We support their bug-hunting efforts with a bounty program.

To report a vulnerability, please complete the form at https://bugbounty.castingcrane.com/ or email us at security@castingcrane.com


Would you like to learn more? Have a security concern?

If you have any questions about the security of Casting Crane, you can contact our IT Security Team anytime at security@castingcrane.com.