Security at Doorway


At Doorway we are committed to offering world-class data protection standards to ensure your data is safe and your compliance requirements are met.

The goal of Doorway is to provide an integral component of your Corporate Identity and Sales/Marketing tech stack: a tool for networking and sharing information about you and your business. This mission can't be fulfilled without us implementing strict technical measures and following the highest security standards to build up trust with our customers.

Here you'll find more information on how we approach security, and if you have additional questions feel free to get in touch at hello@doorway.io.

Data centre security

Our hosting environment is fully redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for their data centres, including ISO 27001 compliance, PCI certification, and SOC. For more information about their certification and compliance, please visit the Amazon Web Services security site.

EU Hosted infrastructure

Doorway's infrastructure is hosted on servers in the European Union. This allows us to meet specific regulatory and compliance requirements of organisations in Europe. Our data centre provider, Amazon Web Services, maintains multiple certifications, including SOC 2 and ISO 27001. In addition, all data is encrypted both in transit and at rest using strong encryption (AES-256).

Communication

All user data is transported securely, as all traffic is encrypted in transit via SSL. Encrypting data in transit protects it from unauthorised snooping, modification, and man-in-the-middle attacks. We use 256-bit SSL/TLS 1.2 encryption, utilising both the ECDSA and RSA algorithms.

Credit Cards

Doorway does not store any credit card information. We have partnered with Stripe for credit card processing, which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available to the payments industry.

Data breach disclosure

In the event of a data breach involving personal data, we will promptly report to the local authority and to the people (data subjects) involved.

Employee access is limited and audited

Only the people who need access to improve or operate the system have access. We make sure there are several layers of controls that individuals must go through to access customer data. And when they do their routine maintenance, debugging, or servicing of the system, they’re led through an auditing access path that requires them to state the valid consent or justification for the specific access session.

Penetration testing

We partner with world-leading security providers to perform regular security penetration testing of our systems and platform.

Processing of Company Personal Data

Doorway will comply with all applicable Data Protection Laws in the Processing of Company Personal Data and not Process Company Personal Data other than on the relevant Company’s documented instructions.

3rd party Sub-Processors

Our sub-processors are leaders in their space and have security as a top priority. You can find the list of our sub-processors in our Subscription Terms.

GDPR commitment

Doorway is committed to compliance with the General Data Protection Regulation, and meeting our legal obligation by helping our customers become compliant.

Data backups

We run automated backups of our databases every day to ensure your data stays safe and highly available.

Log collection

We collect detailed logs to ensure we have a high-resolution trail of the actions performed across the platform for any incident investigation if so required.

Software updates

We have automated systems in place that monitor the versions and vulnerabilities in all of the code that powers Doorway, and our infrastructure is continuously updated to the latest and most secure versions of software.

Automated tests

We run an extensive suite of automated tests after each code change to verify correctness of Doorway features, including authentication and the permission system.

HTTP strict transport security

Our application forces all requests over HTTPS, ensuring all traffic is secured in transit and protecting against protocol downgrade attacks.

Security headers

Our application uses a series of security headers, including X-Frame-Options, X-XSS-Protection and Content-Security-Policy to mitigate a wide range of common security issues.

Reporting security issues

If you believe you have discovered a vulnerability in Doorway's product or have a security incident to report, please contact hello@doorway.io. By providing a submission, you agree that you may not publicly disclose your findings or the contents of your submission to any third parties without Doorway's prior written approval. Detailed and quality reporting is important to Doorway. You must include a working Proof of Concept.

If you want to report a legal or compliance issue with Doorway, please contact hello@doorway.io.
