Security Overview

We protect your data

All data are written to multiple disks instantly, and backed up daily.   Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Your data are sent using HTTPS

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS.  
Any files which you upload to us are stored and are encrypted at rest.  Our application databases are generally not encrypted at rest - the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems.

Full redundancy for all major systems

Our servers - from power supplies to the internet connection operate at full redundancy.  

Regularly-updated infrastructure

Our software infrastructure is updated regularly with the latest security patches.  Our products are carefully monitored.   While perfect security is a moving target, we follow best practices.

Monitoring

We monitor for nefarious activity against our domains.  If an Arthur Maxwell, Inc. employee or contractor wrongly accesses customer data, they will face penalties ranging from termination to prosecution.   In the unfortunate circumstances someone malicious does successfully mount an attack, we will immediately notify all affected customers.

Data & Physical Security in our Tech Stack

All Arthur Maxwell, Inc products' application data is hosted on Heroku and AWS, and Outseta is our CRM. Please consult their respective security policies for more information:

Heroku Security
AWS Cloud Security
Outseta Security

We do not store payment information on our servers.
Instead we use tokenization with our payment processing partner Stripe. We use only the token to retrieve, access, or maintain customers' credit card information. Meanwhile,  customers' real card data is stored with Stripe at a highly secure, offsite locations. Tokens have no meaning by themselves and are worthless to criminals if a company's system is breached in any way.

Stripe is certified as fully compliant with the PCI DSS. The PCI DSS covers 12 major categories of information security, including network design, data storage, intrusion monitoring and the use of security-aware IT policies.

We appreciate your concern

Keeping customer data safe and secure is a huge responsibility and a top priority.  We work hard to protect our customers from the latest threats.  Your input and feedback on our security is always appreciated.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please email support@ourexperiences.com to report an issue.

Get in touch

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.