UserBit Security
We treat privacy and data security very seriously. We have taken a number of steps to make sure your information is always secure when you're using UserBit.
If you have specific questions, please don't hesitate to get in touch with us.
Send an email to support@userbit.com
Security Overview
UserBit's server and client infrastructure is hosted on Google Cloud Platform
Two-factor Authentication
UserBit offers SMS based two-factor authentication to protect against harmful data breaches, which are commonly caused by weak or stolen credentials.
Server-side Encryption
UserBit uses google firestore where your data and metadata is encrypted under the 256-bit Advanced Encryption Standard before it is written to disk, and each encryption key is itself encrypted with a regularly rotated set of master keys.
Transport Layer Security
To protect your data as it travels over the Internet during read and write operations, UserBit uses Transport Layer Security (HTTPS).
Robust Access management
Access to user data on UserBit is maintained via strict database level security rules to protect privacy and data confidentiality. By default, authenticated users have access to their own data only. Users can opt to share their data with their teammates via shared projects or by choosing to invite users explicitly for self-interview.
Payment processing
All payment related services are provided by Stripe, which is certified as a PCI Level 1 Service Provider. UserBit does not and cannot store or access sensitive payment information.
Comprehensive Authentication Security
UserBit uses firebase authentication framework built by the same team that developed Google Sign-in, Smart Lock and Chrome Password Manager, Firebase security applies Google's internal expertise of managing one of the largest account databases in the world.
Security Details
UserBit's infrastructure is entirely hosted on Google Cloud Platform (GCP) which takes advantage of the same security model as Google Apps like Gmail and Search. A detailed whitepaper on security policy can be downloaded here:
https://services.google.com/fh/files/misc/google_security_wp.pdf
Security Certificates
All Google Cloud services that UserBit uses, have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process:
| Service name | ISO 27001 | ISO 27017 | ISO 27018 | SOC 1 | SOC 2 | SOC 3 |
|---|---|---|---|---|---|---|
| Cloud Firestore | ||||||
| Cloud Functions for Firebase | ||||||
| Cloud Storage for Firebase | ||||||
| Firebase Authentication | ||||||
| Firebase Hosting | ||||||
| Google Analytics for Firebase |
Links to certificates:
Data Center Physical Security
UserBit uses Google's data centers and servers that are located in USA. These data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.
Moreover, these data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. UserBit employees do not have physical access to these servers and data centers.
Data Security
Encryption
All data on UserBit is automatically encrypted at rest and in transit. Any new data stored in persistent disks is encrypted under the 256-bit Advanced Encryption Standard (AES-256), and each encryption key is itself encrypted with a regularly rotated set of master keys.
During transit, all read and write operations on UserBit are protected using Transport Layer Security (HTTPS).
Access
The storage stack and secured layers of UserBit application require that incoming requests are authenticated and authorized. Data stored in our noSQL cloud database is protected by database level security rules and Google's Identity and Access Management (IAM). Only authorized employees at UserBit have electronic access to user data.
Customer data is logically isolated from that of other customers and users, even when it's stored on the same physical server. Only a small group of Google employees have access to customer data.
Disposal
User deleted data on UserBit is immediately wiped from our production database. Some critical deleted data like the project structure remains in our backup storage for 30 days, after which it is wiped from there as well. In the event that customers are unable to delete their data, they can also reach out to UserBit support to get their data wiped.
When retired from Google’s systems, hard disks containing customer information are subjected to a data destruction process before leaving Google’s premises.
Billing
UserBit does not store or transmit any sensitive payment data. All of our payment services are handled securely by our payments partner, Stripe, which is certified as a PCI Level 1 Service Provider.
You can read more about Stripe's privacy and security policy here: https://stripe.com/privacy.
Backups
All customer data and account content on UserBit is backed up regularly on a separate cloud storage.
Application Security
UserBit follows industry standard best practices for product development. All our releases and new features are thoroughly tested for security vulnerability before deployment.
In addition, UserBit is equipped with thorough internal logging and audit trail features that provide transparency into usage and access. With the help of Google's infrastructure, we get alerted to and react quickly to all security concerns.
