All of BetterFeedback’s application and data infrastructure is hosted on Hetzner Online GmbH (Germany), a highly scalable cloud computing platform with end-to-end security and privacy features built in.
For more specific details regarding Hetzner security, please refer to https://www.hetzner.com/unternehmen/zertifizierung
Virtual Private Cloud
All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features.
Customer data is stored in multi-tenant datastores. We have individual datastores for each customer. The data is stored in Germany.
All data sent to or from BetterFeedback is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. BetterFeedback is served 100% over HTTPS. BetterFeedback runs a zero-trust corporate network: being on BetterFeedback’s network provides no corporate resources or additional privileges. We have 2-factor authentication (2FA) and strong password policies on GitHub, Google, and BetterFeedback to ensure access to cloud services is protected.
Additional security features
All employee contracts include a confidentiality agreement.