Security

Rest easy knowing that your data is safe with PagerTree

SSL Certificates

All communications over the wire (both internal and external) are securely done over SSL (HTTPS). We also use HSTS to force browsers into communicating over HTTPS.

Data Encryption

All data is encrypted at rest with AES-256. Account passwords are encrypted in the PagerTree database, preventing even our own staff from viewing them.

Database Backup

Our databases are backed up every hour. All backups are encrypted and stored at multiple data centers with limited access.

Redundant Infrastructure

PagerTree is run in a high availability (HA) configuration in multiple availability zones. Additionally, notifications can be sent through multiple providers (Twilio, Plivo, ...).

Secure Payment Processor

Our payments provider, Stripe, has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

GDPR Compliant

We're committed to protecting all our customers' data, including those in the European Union. For more details, please see our EU Privacy page.

Security Practices

Security and Privacy

For detailed information about our security and privacy practices, you can view our privacy policy and data processing addendum. Below are some highlights.

Data centers and security measures

Data centers

PagerTree’s primary data and servers are hosted at Fly.io (Seattle, USA region).

Fly.io Details

The Fly.io infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure Fly.io data centers. For a detailed overview of all security and privacy measures, see the Fly.io Security page.

Additional security measures

  • Data center security: The data centers we use demonstrate ongoing compliance with rigorous international standards, such as SOC2 Type 1.
  • Access control: We restrict access to personal data only to our employees, contractors, and agents who need to know this information to operate, develop, or improve our service. Only a select few have access to the servers where data is stored. We go to great lengths to ensure the right balance between support and secure infrastructure. Employees can only access accounts if they have explicit permission from an account owner or the account is in review for compliance with the PagerTree Terms of Use.
  • Confidentiality agreements: Employees, contractors, and agents are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
  • App security: All access to the PagerTree interface is secured over SSL (HTTPS), ensuring the information is encrypted. Our SSL configurations are regularly and automatically scanned to ensure we can quickly remediate any vulnerabilities discovered, such as Heartbleed. Additionally, we provide both TLS and HTTPS connections to the PagerTree services, ensuring communications to the service are encrypted. Account passwords are encrypted in the PagerTree database, preventing even our own staff from viewing them. We offer a method to recycle API keys at any time in the PagerTree interface.
  • Fully redundant servers for the services.
  • Secure protocols (SSL / TLS) across the service endpoints.
  • Separately hosted documentation and marketing site.
  • 256-bit SSL encryption on the web app and payment processing.
  • All passwords are stored using one-way cryptographic hashing functions.
  • Hardened and patched OS with frequent security updates.
  • External monitoring and audits by highly respected security firms.

Data retention

As described on our pricing page, PagerTree collects and retains content and metadata for up to 1 year to allow customers to access their full alert and notification history. After 1 year, alert and notification data is removed from our system.

Vulnerability Remediation

Vulnerabilities that directly affect PagerTree's systems and services will be patched or otherwise remediated within a timeframe appropriate for the severity of the vulnerability, subject to the public availability of a patch or other remediation instructions.

Severity: Timeframe

  • Critical: 24 hours
  • High: 1 week
  • Medium: 1 month
  • Low: 3 months
  • Informational: As necessary

If there's a severity rating that accompanies a vulnerability disclosure, we'll generally rely on that as a starting point but may upgrade or downgrade the severity in our best judgment.