Passwords are set by our users on registration, with unintrusive password strength validation. We never store passwords in plain text, only encrypted (hashed) versions of a password.
API access is controlled with unique tokens and secret keys which can be invalidated at any time.
All login attempts and user data is sent over SSL (https://) to ensure a secure connection between the client and our servers. Brute force detection is also enabled to prevent access to accounts through weaker passwords.
Access to information
Access to the data and charts you upload is limited to your account unless you grant access to other users or make the item public. The exception to this rule are charts created on the "free" plan, which are automatically published in our public gallery.
The data you upload is never shared with third parties. We store the data across multiple database servers within a VPC on AWS (Amazon Web Services) in North America.
At this time there is no option to encrypt the data stored within the ChartBlocks database but we restrict access to this information to only senior team members.
Despite our best efforts we can’t ensure or guarantee the security of the information you send or store with us, and you do so at your own risk.
Data is replicated across multiple servers instantaneously to reduce the risk of data loss. Daily snapshots of the database and our systems are retained for three months.
The ChartBlocks infrastructure is hosted on AWS (Amazon Web Services), offering us world class, highly secure data centers both physically and technically. For more information on the security measures adopted by AWS please see aws.amazon.com/security.