Security

Last updated: Oct 12, 2020

Our commitment to security

RedisGreen and Stovepipe Studios make the security of your servers and your data our top priority. Our systems were designed from the ground up to be isolated, secure and reliable, while maintaining the high availability your applications need.

Fully Automated Databases

RedisGreen allows you to choose between major branches of database software in order to opt-in to new or different database features, but you never need to upgrade or maintain patchlevels yourself.

RedisGreen's team regularly reviews security advisories and rolls out automated patches to your database and underlying system software without disrupting your application.

Credit Card Safety

RedisGreen does not store any credit card information from customers. Braintree processes payments and stores all payment information. Braintree is an independent, audited, PCI-compliant service.

Privacy

RedisGreen is committed to the privacy of individuals.

RedisGreen operates in compliance with the principles of GDPR, LGPD, and other laws and regulatory frameworks designed to safeguard individual privacy. We carefully review and document how data is processed on behalf of our customers.

RedisGreen complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, read more about this in our privacy policy.

Customers can request a Data Processing Addendum (DPA) by contacting support@redisgreen.net.

We have a published privacy policy that clearly defines our approach to data privacy, and we take steps to protect the privacy of our customers and their data. You can read more in our privacy policy.

Transport-Layer Security (TLS and SSL)

All RedisGreen databases support TLS, and can be configured to only accept connections via TLS. Your RedisGreen account can be configured (in the "Default Settings" menu) to only allow connections via TLS for all resources.

RedisGreen's roots are kept securely offline. Certificates served up by RedisGreen databases are signed by an intermediate certificate authority.

Details on configuring TLS connections are integrated into your RedisGreen dashboard. A copy of our root cert which can be used to verify RedisGreen connections is available here:

Infrastructure Security

RedisGreen's primary physical infrastructure runs on Amazon Web Services secure data centers. AWS's data centers are accredited by:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Physical and infrastructure-level security, including access control, power redundancy, fire suppression, climate and temperature control, are all maintained by AWS to the state of the art.

Application Security

Our web dashboard and control plane applications undergo regular vulnerability scanning and source code reviews to assess the security of our systems.

We welcome third party vulnerability reports and take them seriously. Please see "Vulnerability Disclosure" below if you have found something that needs our team's attention.

All web application traffic is restricted to TLS/HTTPS only.

All systems at RedisGreen have a regular cadence of updates so no patch is left behind.

Data Security

All communication with your RedisGreen databases is optionally encrypted, see "Transport-Layer Security" above.

Database backups are encrypted in transit and at rest.

Employee Access

Stovepipe Studios and RedisGreen employees never access the contents of RedisGreen databases unless required for support reasons. Staff may log into your account to reproduce bugs or problems, and will look at summary reports on the performance of database queries as part of routine monitoring.

When working on support issues we try to respect your privacy and avoid accessing any information stored in your database unless needed to resolve an issue.

All privileged employee devices which may for support reasons need to access customer data use disk-level encryption and regular security update policies.

All Stovepipe Studios employees agree to all company policies as a condition of employment, including our security and privacy policies.

Vulnerability Disclosure

We appreciate help in disclosing any security issues to us in a responsible and ethical manner.

To report a security vulnerability, the RedisGreen security team can be reached at security@redisgreen.com. Security is our top priority at RedisGreen; we will be in touch with you as soon as possible.

You may use the following public key to keep your message safe:

Fingerprint: F486 7B61 1667 BA90 0DD5  3C1B D304 7F5D E1A4 8462
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF+ECWsBCADmLKMiFHuCfIFgvx8h4haqY2T4d6nuNfeskY0MrzXv13XN8ZGI
s9lUQH75Ic2+l06y38+jO/sG6cHTzznIDpp7nG28K1fRVimwHhHbTQbGeohVZqeJ
hS5avUEJBHTM6IQ39UfQ9huR/0Rm9rZoOmTM3y/dpVmumDA3VFFvpGxeKa5elBlh
gZZaLur97NjAoFS6o/BXSxMHwNPVfRzZdCD1mRB8Ed+UfaOanfhI7q9fdr09KPPU
2e7+IKMt9VTsnx635R3pnU3ICLc/4ZzfhHq2A5Z+9+PXPzFf/mjZLY06JUme9FOm
D0KM1DBUl+oqPX7ANhre+AWWILS7bJnVcyavABEBAAG0LVJlZGlzR3JlZW4gU2Vj
dXJpdHkgPHNlY3VyaXR5QHJlZGlzZ3JlZW4uY29tPokBVAQTAQgAPhYhBPSGe2EW
Z7qQDdU8G9MEf13hpIRiBQJfhAlrAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJENMEf13hpIRisykH/366NsZrZjom9nanzRJLrqNlR9xn9HzQ7HM2
yxktsWWU8LnpYYkObvkR7tFRTt2G1Cnp6z1oVBJ+TRd0qoOnqCE5FXCgA1ERvqVw
+H2toc3vMju/LMu0Mk3G5hqUU9np5hniJxb9IpxM2qK+/Hv9vFy28V73O2vPM8wv
NfIabVybXAiLuTAf96Gugf6rmbb8YravDiNDwK1JAWjST71jl+9S6Oc61hT8FeVG
K8Np9yU9zel4AEtPjR6vBysz3xUiGJ+x45ZTW+CHoyeWVn0r8Vx9BE75WSFDW0vS
apvNbk039KefItEK4rIp/638WCXroHKrJuUqmaBFXzoK7GEA8w65AQ0EX4QJawEI
ANGQWutYHTU9b+vLrsX2zNOIuqKDowHGb3H0rt0BWcpbab4mlNU52Nz++E5NtOSk
lb9eAQT2UninBpw/D1YN0hIjhySRLubLTOfedt4Jr/E2J0Pd7TBoHRME2ltiljM9
fBoONlP0Sags2ITiOfrfmOK8N8EH9DxS4GoctkllkG6cAKiic2RB49L6Ep8uMg4b
p4Z+yAB08QF1OOlp8mDcReq55BWsnkaP6w/JeAO9YhBwHD1puulBj0KmUSae72ZY
7lIeUvf3i55LmSTKdE0bjWuNNnNHsVxhN1OfusMgYaEbBSC0rSoAncQEFcW68/4L
l04RmUMwgDhU/QyQLksywjsAEQEAAYkBPAQYAQgAJhYhBPSGe2EWZ7qQDdU8G9ME
f13hpIRiBQJfhAlrAhsMBQkDwmcAAAoJENMEf13hpIRik4kH/jvIQcAs2m1r6P+U
Q/ujlxfnOUSnnjt6btVDBmlVfxlHWMkTfEjpX9XmpiY5OYW3ucWiEqZMN00dlviq
nwLmVpTepNCkcjPOAIf7slT9CArIoelEUMNZcutSL1vJg99c8c0HsuwCMVY44ydk
BbCKyGJ8rWrOMtE6AcOg4UEFowL9Ns2DZcHKjIl4O2KY3DQQWcgrtlG0/NNO3H4K
DxfZpOWnObXekH0JN+bDcHy+9+TYBEvc8X1d4kPJfCK9/WR50nAXQkIgPBYcRswT
QvNkSTDPxm0YIEAjkrFfZeKxhJC1e8MRtu+5PswjEkruPsW5SHNvJSOx1CgN6jfp
fAcJtCI=
=Xnqv
-----END PGP PUBLIC KEY BLOCK-----