OneSky Security

Server and network security

We ensure the confidentiality and integrity of your data with industry best practices. All servers are built on top of Amazon Web Service with AWS Compliance, which is Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant.

OneSky employed a team of server specialist 24x7 to monitor security vulnerabilities and respond to service incidents. This team will also perform regular audit according to AWS best practice.

OneSky’s web application servers are physically and logically separated from servers that store customer data. Dedicated VPN services and firewall are used to block unauthorized system access. All operating systems are hardened to remove all unnecessary software.

Application security

OneSky is built according to secure development best practices with security reviews incorporated throughout the design, prototyping and deployment process. Logs are regularly analyzed to identify patterns of suspicious activity.

Communication security

SSL/TLS is used to exchange private data between OneSky and web clients.

Data security

We classify and treat all data as confidential, using inbound and outbound low-level logical firewalls to ensure that data cannot be leaked between OneSky networks. Any data sent from OneSky by emails will be delivered using encrypted transport via Sendgrid. OneSky is using PCI compliant payment partners and does not store your credit card credentials.

Employee Access

No OneSky operation personnel ever access private projects unless required to for support or project management purposes according to system role-based model. The role-based access is secured by unique login credentials. Access is given to our operation personnel upon hire and revoked upon termination.

The support staff may sign in to your account in order to solve and assist in resolving support inquiries. The support staff does not have direct access to customers data. Solving a support issue, our support team only has access to the files and settings needed.

Here is the list of data subprocessors

Entity Name Entity Location
Amazon Web Services, Inc. USA
Logentries USA
SendGrid, Inc. USA
Zendesk USA
Heap, Inc. USA
Intercom, Inc. USA
Firebase USA
ObjectLabs Corporation USA
ChartMogul Ltd United Kingdom
Xero Limited. New Zealand
HubSpot, Inc. USA
 

If you have any questions or reports about our security, please contact contact us.