Security Policy

Our team works continuously to protect the privacy, security and integrity of your account and data. The security of your information is required for our success as a business and we take steps every day to provide a secure Lobbipad experience for you.

PHYSICAL SECURITY
We ensure that the machines within the Lobbipad infrastructure are protected from the ground up. We use AWS for our hosting, we do not host any servers ourselves. AWS is an industry leader and provides a highly scalable cloudcomputing platform with end-to-end security and privacy features built in. All our infrastructure has been certified by national and/or international security standards. You can see all details of AWS compliance programs here. AWS provides a 99.99% Uptime SLA. Access to these data centers is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures, 24 x 7 on-site security staff, biometric scanning, multi-factor authentications, video surveillance and other electronic means. All physical and electronic access to data centers by AWS employees is authorized strictly on a least privileged basis and is logged and audited routinely. Lobbipad employees do not have physical access to our servers in AWS.Electronic access to the servers and services of AWS is restricted to a core set of approved Lobbipad staff only.

DATA SECURITY
All passwords are filtered from our logs and are one-way encrypted in the database using the pbkdf2 (salted) hash function. All traffic is always sent over SSL. Lobbipad cannot view any of your credentials, so much so that if you lose your password, it must go through the reset procedure for your account to be accessible again. We ensure that all customer account and dashboard data is replicated and regularly backed up.

EMPLOYEE ACCESS AND SECURITY
Lobbipad employees are granted access to systems and data based on their role in the company or on an as-needed basis. Access to customer data by Lobbipad employees is only used to assist with support and to resolve customer issues. For such cases we will get your explicit consent each time. Violation of this policy is a serious matter requiring investigation and appropriate disciplinary action up to and including termination as well as legal action. When working on a support issue we do our best to respect your privacy as much as possible and only access the minimum data needed to resolve your issue.

MAINTAINING SECURITY
Lobbipad adheres to industry best practices for design and development. We always thoroughly test new features in order to rule out potential attacks such as CSRF, XSS, SQL injections, among others. We constantly improve our security policies as the threat landscape changes. Our engineering team continuously monitors ongoing security, performance and availability. We subscribe to all relevant security bulletins so that we can promptly address any security issues in the software we use.