Flipturn Security Overview

Last Updated July 21, 2023

Introduction

Your operational data–across telematics, charging, and more–is critical to your business. At Flipturn, we take the security of our customers’ data extremely seriously. We use software industry best practices to ensure the safety and integrity of all data stored on our platform. Read on to learn more about Flipturn’s industry-leading security practices.

Flipturn is in the process of being audited for SOC2 compliance.

Product Security

Authentication gates users’ access to any data in the product. Updates to the product are audited for good security hygiene. Internal access to production data is protected by several layers of authentication and authorization.

Physical Security

Flipturn’s production data is processed and stored within world-renowned data centers that use state-of-the-art multilayer access, alerting, and auditing measures.

System Security

Servers and Networking

All Flipturn servers and structured datastores use managed infrastructure services provided and secured by Render and Amazon Web Services. Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2 and TLS 1.3) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048-bit RSA or 256-bit ECDSA, signed with SHA256.

Storage

All persistent data is encrypted at rest using industry-standard AES-256 algorithms.

Operational Security

Employee Access

We use Google account infrastructure to verify employee account identity and require two-factor authentication for apps that access critical infrastructure or customer data.

Administrative interfaces additionally enforce administrator permissions where applicable. All employee contracts include a confidentiality agreement.

Code Reviews and Production Deployment

All changes to source code are subject to automated testing, and any that affect security require pre-commit code review by a qualified engineering peer. That review includes security, performance, and potential-for-abuse analysis.

All code is deployed to a staging environment for quality assurance, and automated tests must pass prior to updating production services.

Service Levels, Backups, and Recovery

Flipturn infrastructure utilizes multiple and layered techniques for issue mitigation and reliable uptime. Flipturn uses highly redundant datastores, rapid recovery infrastructure, and point-in-time backups, making unintentional loss of customer data very unlikely.

Application Security

Server and Client Hardening

Flipturn servers use Render, Cloudflare, and Amazon Web Services managed infrastructure, which utilizes firewalls to restrict system access from external and internal networks, along with DDoS mitigation, spoofing and sniffing protections, and port scanning. Request-handling code paths have frequent user re-authorization checks, payload size restrictions, rate limiting where appropriate, and other request verification techniques. Client code utilizes multiple techniques to ensure that using Flipturn Connect is safe and that requests are authentic, including XSS and CSRF protection, signed and encrypted user authentication cookies, and session expiration.

Customer Payment Information

We use Stripe for payment processing and do not store any credit card information. Stripe is a trusted, Level 1 PCI Service Provider.

If you have additional questions, feel free to contact us here.