Security Overview

At Stamplay we are focused on providing a secure and reliable platform service using proven the best-in-class technologies, practices and procedures.

Secure Infrastructure

Stamplay entirely run on Amazon Web Services. Web servers and databases run on servers in secure data centers with high reliability. Physical access is restricted to authorized personnel. Premises are monitored and access is logged. More info about AWS certifications and security can be read on aws.amazon.com/security

Isolated Services

Stamplay run with a complex microservice base architecture composed by Linux virtual machines. The machines are isolated from one another and from the underlying hardware layer. Server processes can't access to the local filesystem and are restricted to a particular directory.

Secure Network

Stamplay is accessible only over HTTPS. Traffic over HTTPS is encrypted and is protected from interception by unauthorized third parties. Stamplay stick to the current best practices for security, including the use of strong encryption algorithms with a key length of at least 128 bits.

Some servers allow SSH access (protected by TLS and private key authentication) for administration. Administrative access is granted only to a selected group of developers of Stamplay. Also the access by the application to the database used in the Stamplay service is over an encrypted link (TLS).

All network access, both within the datacenter and between the datacenter and outside services, is restricted by firewall and routing rules. Network access is logged and logs are retained for a minimum of 30 days.

Data Privacy

Stamplay has a privacy policy, which details the steps we take to protect clients’ information. You can view the privacy policy here: https://stamplay.com/privacy

Customer data associated with a projcet or a flow is not public and not viewable by other users, unless these are invited as collaborators on the same project.

Authentication

Clients can access their Stamplay account using a password which is known only to them or by using secure the third party authentication with Google. Clients are required to have reasonably strong passwords.

Passwords of users logging on Stamplay without third parties are not stored. Only a secure hash of the password is stored in our databases. Because the hash is relatively expensive to compute, and because a “salting” method is used, brute-force guessing attempts are relatively ineffective, and password reverse-engineering is difficult even if the hash value were to be obtained by a malicious party.

When Stamplay flows connect to an external system using user-supplied credentials, where possible this is done using OAuth, and in those cases, no credentials need to be stored in Stamplay servers. However, if a remote system requires credentials to be stored, they are encrypted using a 256-bit key.

Development and Testing Process

Stamplay developers have been trained in secure coding practices. We have fully functional automation systems in place which enable us to deploy changes to any of our applications in minutes. We typically deploy dozens of times a week - so we are well placed to roll out a security fix quickly, should the need arise. Stamplay application architecture includes mitigation measures for common security flaws such as the OWASP Top 10. The Stamplay application uses industry standard, high-strength algorithms including AES and bcrypt.

Data at Rest Protection and Transaction Data Retention

Stamplay removes sensitive data such as API keys and access tokens from workflow run log data stored. We only store the data we need to - that which is required for accessing your account, connecting with your different third party tools, and debugging workflows.

All transaction data is always encrypted in transit and when stored in Stamplay's platform.

Credit Cards

Stamplay does not store credit card information on its servers. All payments are processed through the leading online payments provider, Stripe. For more information about PCI compliance and Stripe’s other security features, see stripe.com/docs/security

Key concepts

Automate your business now

Streamline operations and improve productivity by 10X