We Secure Your Data
We do not compromise on keeping your data safe. Period. We believe that data security and user privacy are an absolute requirement of working in technology..
Every application decision we make is scrutinized to make sure we are strengthening our data security. Here are some of the many steps we take to ensure your data is secure.
Encrypted Password and Credentials
We encrypt passwords using a one-way hashing algorithm called bcrypt. Once a password is encrypted, we are unable to decrypt it. In other words, we have no idea what your password is!
Strict User Permissions
We have a structure of strict user permissions in place to prevent any user from having access to another user's data without permission. Rabbu employees will only have temporary access to your data when it is necessary to complete their job function.
Your provider password is not stored.
We do not store your password that you use to connect a provider account. After you initially connect a provider your credentials are forgotten by our system.
Instead we are authenticated by the provider using a token provided by the provider during the initial connection.
That token looks something like this
But we don't store the token in that form either! We first encrypt the token using a private key, then store the result, which looks something like this:
An encrypted token will not successfully authenticate with a provider.
Your API Keys are Encrypted.
Any API keys used to connect a provider account are encrypted before they are stored in our database.
What this means for you:
- We do not store your credentials.
- We cannot change your provider account password.
- If you change your provider account password or delete the API keys you connected with we will no longer have access to your data.
In compliance with PCI-DSS requirements, we do not process or store any credit card information. No payment method information like credit card number ever hits our servers.
All payments made to Rabbu are handled through our financial partner Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.