Our customers regularly ask us about Affilimate's security program. In general, we don't want to expose detailed information about our security program because we don't want to provide any intelligence to bad actors.
However, information security is imperative and our customers need to know that we take the security of the data they entrust us with seriously. To this end, we've outlined at a high level the measures we take to protect customer data.
Data center and application security
- We leverage Google Cloud, a leading cloud service provider, for infrastructure.
- Affilimate's website and user application only work over HTTPS, ensuring your data on the platform remains safe and can be accessed securely.
- Both your commission data and end user analytics data are encrypted in transit and at rest using 256-bit Advanced Encryption Standard (AES-256).
- All network and program connection details are also encrypted with 256-bit AES encryption.
- No third parties have access to your end user analytics data or commission details.
- The only time page-level commission data is shared with a third party is to send your daily earnings email via our ESP, Customer.io, which you must explicitly opt into.
- Sensitive payment data is handled exclusively by our PCI-compliant payment service provider, Stripe.
- Our infrastructure runs on fault-tolerant systems with daily backups.
- We have 24/7 monitoring and alerting so our team can be notified in the event of any incidents affecting availability.
Security culture and processes
- Our cofounder and CEO previously worked in the finance sector, and regularly participated in audits and in ensuring security in compliance with rigorous PCI DSS standards.
- All team members are required to use a password manager to generate secure passwords and securely store login details to any systems that may contain customer data.
- Multi-factor authentication is enforced and regularly monitored for all services where it's available.
- Access to confidential information is highly restricted, and available only on a need-to-know basis.
- All team members sign legally binding NDAs and agree that they may not personally use or share customer data in any way.
- Access to the production database and cloud resources is limited to a few select senior staff members.
- Our product development processes include security review and testing.
- We routinely review access to various systems and provide access on a least-privileged, need-to-know basis.
- We actively monitor for abusive accounts and take measures to shut them down.
Disclosures
For parties who received prior written and approved authorization, Affilimate supports responsible disclosure of security vulnerabilities.
To report security-related issues, including possible security vulnerabilities, please contact security@affilimate.com.
Affilimate does not participate in “bug bounty” programs and does not allow security testing against Affilimate software, systems, or properties without prior written authorization.
Your privacy
We never sell your data, or share it without your consent. See our Privacy Policy and request a copy of our Data Processing Agreement for more details on how we protect your data.