Here at Messagely
we take security seriously
In a world where data breaches are becoming increasingly commonplace, we’ve spared no expense in ensuring that we process and store data securely.
Top-notch security that’s compliant With international standards
Messagely lets you customize each team member’s access to app settings, billing information, user data, and more.
With Single Sign-on (SSO), you can use your own systems to authenticate users. Users will not need to input extra login credentials.
To add an additional layer of security, utilize 2-Factor authentication (2FA) as well.
Messagely guarantees an uptime of 99.9% or higher.
Messagely utilizes a password complexity standard for added security. We also store all passwords and credentials using PBKDF (also known as bcrypt).
Other best practices
To learn about how you can make your Messagely app more secure, check out our Security help doc.
We host our services and data in Amazon Web Services’ data centers in the US.
Virtual Private Cloud
Messagely’s servers are housed within a virtual private cloud (VPC), and we use Access Control Lists (ACLs) to ensure that unauthorized requests do not get access to our network.
Back-ups and Monitoring
To back up customer data, Messagely uses an MMS backup service by MongoDB. We also produce audit records and get Logentries to analyze these. To archive our records, we use Amazon S3.
Messagely’s infrastructure and data are spread across 3 AWS availability zones. This means our tool will function as per normal even if one of these data centers fail.
Messagely encrypts all data that passes through the app using 256 bit encryption. We utilize TLS/SSL only API and application endpoints which are HSTS and Perfect Forward Secrecy. Our endpoints also score the highest possible rating on tests by Qualys SSL Labs.
Permissions and Authentication
Messagely makes it easy for you to limit access to customer data to select employees. The app is served on a secure HTTPS connection, and we use a combination of Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure that only authorized users get access to our cloud services.
Messagely utilizes a multi-pronged approach when it comes to vulnerability scanning. On top of using external security tools to check for vulnerabilities, we frequently enlist the help of security experts in conducting penetration tests. Finally, we run a “bug bounty” program on Bugcrowd to tease out additional areas of vulnerabilities.
Messagely has a standard protocol in place, and we’re well-equipped and able to handle security issues. Our employees are aware of these protocols, and familiar with the escalation procedures to follow in the event of a security incident.
Other security features
Messagely allows users to port or delete data, with automatic data expiration. This ensures that you’re fully compliant with the GDPR.
Messagely has put into place several security policies that cover all our bases. We frequently revisit and update these policies, and share them with our entire team.
Employee checks and vets
In accordance with local laws, Messagely performs stringent background checks on its new employees. Among other things, we verify past employment and conduct criminal checks.
All Messagely employees are trained in Security and Awareness, and are familiar with relevant best practices.
All employees sign a confidentiality agreement before they join the Messagely team. Our employees understand the need to be discrete.
Payments that are made to Messagely go through the Braintree payment gateway. Braintree is a validated Level 1 PCI DSS compliant service provider. To learn more about Braintree’s security setup, policies, PCI compliance and more, visit their security page.