PILOTSHIP
SECURITY STATEMENT
Last Updated: February 15, 2018
Pilotship follows industry best practices to develop our product securely and stay ahead of digital threats. Below is a summary of our policies and practices as it relates to compliance, privacy, and security.
Application Security

Traffic between customers and Pilotship is protected with highly secure in-transit encryption using only the most secure TLS protocols and ciphers, along with 2048-bit encryption keys.

Application, and system logs are captured and stored permanently, allowing for detailed forensic research.

Pilotship regularly updates our servers, upgrading and patching vulnerabilities as they are discovered.

Data Security

Pilotship’s software is powered by world leaders in data center management and security. Physical access is protected by 24x7 onsite staff, as well as state-of-the-art multifactor access controls, intrusion detection systems, and other electronic security controls.

Our infrastructure partners maintain SOC Type II and ISO 27001 certifications.

Data Encryption

Customer data is encrypted in transit and at rest to ensure end-to-end protection with the latest standards and protocols.

Our website runs entirely over SSL (https). When connecting to third party services on behalf of customers, we ensure all API endpoints are protected by a valid SSL certificate.

Data at rest is encrypted at multiple levels, including on the physical disk and by the logical storage subsystem using AES-256. Keys are randomly generated and encrypted asymmetrically, stored and protected by a proprietary key management service provided by a global leader in infrastructure security.

Availability & Recovery

Pilotship’s infrastructure runs on fault-tolerant systems. We leverage third-party providers to provide 24/7 monitoring and alerting of any downtime.

Training

All Pilotship staff members receive security training and a secured computer to ensure consistent protection of shared infrastructure. Developers receive additional security training, and application code is regularly reviewed to ensure adherence.

Access rights are based on employee’s job function and role.

Software Development Lifecycle

Pilotship uses the git revision control system. Changes to our code base are subject to automatic tests and are manually reviewed. Code changes are first deployed to a staging environment to undergo further testing before being made available to our customers in the product environment.

Continuous Improvement

Pilotship staff reviews all security-related policies, procedures, and training programs to ensure adherence in the execution phase, and to ensure alignment with the latest industry standards and best practices.

Related information: Pilotship's Privacy Policy & Terms of Service.