Customer trust and data security are critical to everything we do at Little SaaS, Inc.
All products built at Little SaaS, Inc. provides all the required encryption, safety, security, and precaution measures. All data is always handled within the scope permitted by the relevant regulation and by our customers.
DataCenter Location
All the data is stored at Amazon AWS servers in the Ireland-Europe edge.
Data Security
All data is everywhere sent over HTTPS or WSS (an encrypted channel). At Little SaaS, Inc., we have strict security rules to have end-to-end encryption for any requests coming to our systems and inside our systems. We also have HTTP Strict Transport Security (HSTS) enabled, which forces us to support encrypted networking and ensure that we will support it in the future.
Infrastructure & Stability
We top-class AWS services to handle all the technical challenges. We use dedicated cloud-based database solutions to make sure data is always available and safe. Each database service we use, such as Amazon Aurora or Amazon ElastiCache, is running under SLAs. For data storage, we use AWS S3 and other AWS services known for high availability and quality in general.
All applications we built are API-centric, which separates the user side and backend, which allows us to move faster and deliver better stability and better user experience.
Product Security
Little SaaS products are using encrypted connections everywhere. All sensitive data inside database such as user credentials or SMTP server credentials are encrypted with military grade AES (Advanced Encryption Standard) encryption protocols with 256-bit keys unique to each credential.
Permissions
User has permission to use software as it is.
Password and Credential Storage
All passwords and credentials are stored encrypted.
Uptime
We have several layers of monitoring with notifications to team communication channels, email, automated phone calls and SMS. You can see our live uptime statistics here: status.littlesaas.com
Network and application security
Data Hosting and Storage
All data is hosted in AWS cloud. We use several services of AWS, yet all of them are connected inside private network.
Failover and DR
All processes run on linux machines with self recovery. If there is some error, processes restart themself and logs the error. Also many components are redundant and replicated. So if one would fail, another one would take over automatically.
Virtual Private Cloud
All services we use are running in AWS virtual private cloud network.
Back-Ups and Monitoring
All database is continuously backed up for the case of emergency. We monitor all parts of the system from several different angles. From basic HTTPS monitoring, to detailed database, EC2, S3, SQS, SES, SNS and other service monitoring.
Permissions and Authentication
Permission to data access is very limited and follows the principle of least privilege.
Encryption
All network activity with Little SaaS servers is encrypted.
Incident Response
All systems are monitored from several different angles with direct notifications to team communication channels including but not limited to email, phone call, and sms.
Additional Security Features
Training
Each person who gets access to sensitive information are pre-trained to know how to work with the system.
Policies
Employee Vetting
When hiring we carefully check all available details about the future employees and once onboard they get access to only things they need. Only over time trust is built and employees get access to more sensitive tasks and associated information.
Confidentiality
All information about the clients is confidential unless it was posted publicly by the client before.
PCI Obligations
We do not store any credit card information. We directly transfer all information to the billing partner, e.g. Stripe.