Security
Effective date: September 5, 2023
Security is a very serious practice at featureOS. Every product discussion starts with the minimum requirement of protecting user data and security. We have dedicated engineers who are constantly working to make featureOS more secure.
Compliance
featureOS follows the same security standards that comply with SOC 2 Type 2, ISO 27001, and PCI DSS. We are also GDPR compliant.
Hosting
featureOS uses Amazon Web Services (AWS) to host all the services. We use AWS’s Shared Responsibility Model to ensure that all the services are secure. We also use AWS’s Well-Architected Framework to ensure that all the services are built with security in mind.
Monitoring Services
featureOS uses a lot of different tools to monitor incidents, anomalies, and security threats. Any monitoring tool we use is open source and is self-hosted inside our own infrastructure. Some of our monitoring tools may run in multiple regions to ensure that we are always up and running. Some data-intensive monitoring services run inside our HQ to ensure maximum security.
Data Storage
featureOS uses PlanetScaleDB to store all the data. PlanetScaleDB is a MySQL-compatible database that is built on top of Vitess. We back up all the data to secure storage continuously as delta backups. We also take full backups every 24 hours.
Database access is restricted to the CIO and the CTO. The database is not accessible from the internet and sits behind a secure firewall for communication between our services. We also have dedicated monitoring systems to monitor the database for any suspicious activity.
You can learn more about PlanetScaleDB’s security practices here.
SSL Certificates
featureOS uses Let’s Encrypt to generate SSL certificates for all the services. We use a combination of Terraform and Certbot to generate and renew SSL certificates. We also use Cloudflare to cache all the static assets and to protect against DDoS attacks. All our SSL keys are 2048-bit RSA keys.
Last updated: September 5, 2023