Last updated: November 1st, 2023
Arrows is hosted on Heroku. Heroku utilizes AWS data centers for hosting. AWS data centers are accredited under:
You can read more details about Heroku's security practices below:
Arrows data is stored in Heroku Postgres. Data is backed up under Heroku's Continuous Protection ensuring customer data is incrementally snapshotted and backed up. We monitor our servers and logs and have an engineer on call 24/7.
Arrows is deployed multiple times per week, ensuring that any fixes can be deployed rapidly.
All Arrows web page requests are protected with SSL and HTTPS.
Our goal is to help you onboard your customers successfully, and we only store and use data in service of that end goal.
Please view a list of our subprocessors.
Arrows payments are processed by Stripe. Stripe is certified as a PCI Level 1 Service Provider—the most stringent level of certification available in the payments industry. Arrows does not handle any payment data.
Arrows does not store user passwords in our database. Instead we provide magic login links sent via email.
Security training is part of Arrows employee onboarding. Arrows employees use 1Password to manage and ensure secure passwords, and use 2 factor authentication where available.
Great! Please email us at email@example.com and we'll happily update this doc.