Data Security

We know how important your data is in TeachBoost and that you trust us to keep it safe. Our top priority is to protect the security of your accounts, customer data, and interactions in our apps, and here's a bit about how we do it.

How we protect your data

Privacy and security are embedded values.

TeachBoost stores critical information for our customers—highly sensitive employment records, notes, ratings, and documents that must always remain protected. We go to great lengths to protect the security of your accounts, data, and users, and we're always looking for ways to improve and harden our practices.

Continue reading for our growing list of account and data security practices, or learn how to submit a security issue that you've identified.

You can also read our privacy policy and data retention policy for additional details on how we protect and secure your data in other contexts.

Account security

The security of your accounts, our login process, and data transmission while you're using our services is the first and most conspicuous set of measures we take. We serve our website and APIs exclusively via HTTPS and secure these processes through a number of different methods and technologies.

HTTPS

Every time you access our services, API, mobile apps, blog, and other content websites, your connection and data are encrypted via TLS. We always secure your connection this way and your browser will let you know with a lock icon in the address bar. Our certificates are issued by Sectigo Limited and always signed by TeachBoost.

Account passwords and API tokens

We enforce various password requirements upon registration and reset to ensure that they always meet minimum security levels. Our API tokens are only accessible in-app and you may request that we reset them at any time.

User access roles

Within TeachBoost we have an advanced set of user access roles and permission levels so that you can control what types of content and actions your users may see and do. Administrators in your organization may revoke user access or change these levels at any time and every account may only have one unique email address.

Software & data security

All of our systems run the latest stable versions of Debian on machines hosted at our data center, Linode, and we take great care in staying current on our foundational software releases and security patches.

Application software

Much of our software uses open source databases, server software, and other libraries with a track record of stable, secure, and well-tested releases. Some of these include MariaDB and Elasticsearch, NGINX, and frameworks like Laravel, and we review each new version prior to updating our dependencies. We maintain close to 100% code coverage via unit testing and every update we make to our production servers has a multipoint code review.

Security and privacy mindfulness are part of our culture and show throughout our development process. We request user privileges, add dependencies, and share data only as far as is minimally necessary.

Data encryption and controls

All customer data is stored with at least dual redundancy and we've designed our data storage for nearly 100% long term durability. All long-term database backups are stored on encrypted drives outside of our application storage pool and network.

Server software and bad actor mitigation

We also employ a number of server monitoring and protection tools to prevent and mitigate against various types of threats, like denials of service, server intrusion, SPAM, and password cracking. We use Monit to monitor all of our machines and alert our team to potential issues, and we keep detailed server logs for at least 30 days.

Employee access controls

TeachBoost team access is controlled and carefully managed by our COO with only as much access to customer data as necessary for daily job responsibilities. All team members sign non-disclosure agreements to protect your data and are instructed on our data practices, security policies, and best practices at onboarding.

Our team account credentials are stored in Bitwarden with controlled access to accounts, and we enforce 2-factor authentication here and to our core communication services.

Physical security

Our infrastructure runs inside data centers managed by Linode in New Jersey and Amazon Web Services in Virginia, both of which feature modern, state-of-the-art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is restricted and they are monitored by professional security personnel.

All of our offices are in modern, shared office environments equipped with access control, intrusion detection, and video surveillance systems. Our laptops and desktops use hard disk encryption and any local backups of user data, if necessary, are always located in secure places.

Reporting security issues

We fully appreciate the efforts of software security researchers who work to make the Internet more secure. If you find issues or vulnerabilities with our own software or content websites, we very much encourage you to report them securely to us, taking the following precautions.

  • Copy our PGP public key below and import it into your email client to securely email us. If you're unfamiliar with signing emails, take a look at the instructions for Mailmate, Thunderbird, Outlook, Gmail, or other clients.
  • Send a signed email to security@teachboost.com with the subject line "TeachBoost vulnerability report" and containing the following information: your name, a detailed description of the bug or vulnerability, the steps we can take to reproduce it, and the date you discovered it.

We respectfully ask that you do not publicly disclose any bug or vulnerability that you discover or are made aware of.

While we don't currently have an established bug bounty or reward program and cannot promise compensation for every report, we reserve the right to offer payment at our discretion.
