Data Security

Customer trust and data security are critical to everything we do at Little SaaS, Inc.

All products built at Little SaaS, Inc. provides all the required encryption, safety, security, and precaution measures. All data is always handled within the scope permitted by the relevant regulation and by our customers.

DataCenter Location

All the data is stored at Amazon AWS servers in the Ireland-Europe edge.

Data Security

All data is everywhere sent over HTTPS or WSS (an encrypted channel). At Little SaaS, Inc., we have strict security rules to have end-to-end encryption for any requests coming to our systems and inside our systems. We also have HTTP Strict Transport Security (HSTS) enabled, which forces us to support encrypted networking and ensure that we will support it in the future.

Infrastructure & Stability

We top-class AWS services to handle all the technical challenges. We use dedicated cloud-based database solutions to make sure data is always available and safe. Each database service we use, such as Amazon Aurora or Amazon ElastiCache, is running under SLAs. For data storage, we use AWS S3 and other AWS services known for high availability and quality in general.

All applications we built are API-centric, which separates the user side and backend, which allows us to move faster and deliver better stability and better user experience.

Product Security

Little SaaS products are using encrypted connections everywhere. All sensitive data inside database such as user credentials or SMTP server credentials are encrypted with military grade AES (Advanced Encryption Standard) encryption protocols with 256-bit keys unique to each credential.

Permissions

User has permission to use software as it is.

Password and Credential Storage

All passwords and credentials are stored encrypted.

Uptime

We have several layers of monitoring with notifications to team communication channels, email, automated phone calls and SMS. You can see our live uptime statistics here: status.littlesaas.com

Network and application security

Data Hosting and Storage

All data is hosted in AWS cloud. We use several services of AWS, yet all of them are connected inside private network.

Failover and DR

All processes run on linux machines with self recovery. If there is some error, processes restart themself and logs the error. Also many components are redundant and replicated. So if one would fail, another one would take over automatically.

Virtual Private Cloud

All services we use are running in AWS virtual private cloud network.

Back-Ups and Monitoring

All database is continuously backed up for the case of emergency. We monitor all parts of the system from several different angles. From basic HTTPS monitoring, to detailed database, EC2, S3, SQS, SES, SNS and other service monitoring.

Permissions and Authentication

Permission to data access is very limited and follows the principle of least privilege.

Encryption

All network activity with Little SaaS servers is encrypted.

Incident Response

All systems are monitored from several different angles with direct notifications to team communication channels including but not limited to email, phone call, and sms.

Additional Security Features

Training

Each person who gets access to sensitive information are pre-trained to know how to work with the system.

Policies

Employee Vetting

When hiring we carefully check all available details about the future employees and once onboard they get access to only things they need. Only over time trust is built and employees get access to more sensitive tasks and associated information.

Confidentiality

All information about the clients is confidential unless it was posted publicly by the client before.

PCI Obligations

We do not store any credit card information. We directly transfer all information to the billing partner, e.g. Stripe.

Security questions?

If you think you may have found a security vulnerability, please contact our security team at [email protected].

Learn more about Little SaaS by reading our Terms of Use and Privacy Policy.