As a company that takes data security and privacy very seriously, we recognize that Competition Corner's information security practices are important to you. While we don’t like to expose too much detail around our practices (as it can empower the very people we are protecting ourselves against), we have provided some general information below to give you confidence in how we secure the data entrusted to us.
Data Center Security
- Our data centers are hosted in the U.S. and Germany, and secured with the usual high tech stuff that data centers always brag about.
- We can scale our infrastructure to support the highest demand of traffic at a moments notice.
- We have DDOS mitigation in place at all of our data centers.
- We leverage a variety industry leading monitoring and performance tools, such as Pingdom, PagerDuty, NewRelic, Status.Io, and many others to ensure we are proactive in ensuring all systems are healthy and transparent to our users.
- We have a documented IT continuity and scaling plan.
Protection from Data Loss, Corruption
- All databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user accounts from each other.
- Account data is mirrored and regularly backed up off site.
Application Level Security
- Competition Corner account passwords are hashed. Our own staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
- All login pages (from our website and mobile website) pass data via TLS.
- The entire application is encrypted with TLS.
- Login pages and logins via our API have brute force protection.
- We perform regular external security penetration tests throughout the year using various tools and third party partners. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
Protecting Ourselves Against You
Yes, you heard that correctly. We can secure ourselves like Fort Knox, but if your computer gets compromised and someone gets into your Competition Corner account, that's not good for either of us.
- We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
- We monitor accounts for signs of abuse.
- In addition to our scalable algorithms, we employ another layer of human reviewers, who monitor for anomalous account activity.
- We provide the ability to establish tiered-levels of access within accounts.