Security at Shortcut
SOC 2
Shortcut has successfully completed its SOC 2 Type 2 audits for controls relevant to security, availability, and confidentiality with no exceptions in entity-level testing. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented. For a copy of our SOC 2 report, please email security@shortcut.com.
Server Security
Shortcut runs on Amazon Web Services. All Shortcut machines limit access to the fewest people necessary to keep them up and running. Deploys are automated to all machines, and all machines with access to Shortcut data have SSH disabled to prevent any unauthorized access to customer data.
Communications
All data exchanged with Shortcut is sent over HTTPS.
Data Storage
Live Shortcut data is stored on AWS in DynamoDB, and access is limited to machines that need read and write access to the data. We also make incremental, encrypted backups of the DynamoDB datastore every 10 minutes to Amazon S3, which is designed to offer 99.999999999% durability for the data in the event of a problem or catastrophic failure of DynamoDB.
Employee Access
No Shortcut employee will ever see your customer data unless required to do so for support reasons. If you reach out with a support issue that requires us to access your customer data, we will request and wait for your written permission before doing so. We have an audit trail of customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing a system-level outage.
Maintaining Security
All passwords are filtered from all our logs and are one-way hashed in the database using bcrypt. Login information is always sent over SSL. We also allow you to use two-factor authentication, or 2FA, as an additional security measure when accessing your Shortcut account. Enabling 2FA adds security to your account by requiring both your password and access to a security code on your phone to access your account.
Credit Card Safety
When you sign up for a paid account on Shortcut, your credit card information is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-compliant servers. Our servers do not store or even see your credit card information.
For More Information
If you have any questions or concerns, please contact us at support@shortcut.com.