At MetaLocator.com we take security very seriously. This article outlines the major areas where we focus on application security.
Each customer's data is stored in an individually secured MySQL database, with a unique, highly secure password assigned by our systems. Database permissions are assigned such that only that user may interact with that database. All operations within MetaLocator.com are executed under a user context, meaning that if you are not authenticated, no action can be taken. Similarly that authentication routes only to a single database, so there is not opportunity for cross-database communication.
Data Transfer Security:
Your locator may optionally be served via SSL. This ensures that MetaLocator will live alongside your Web site's secure eCommerce operations without inducing browser warnings.
Our API is accessible via SSL and requires the use of an assigned API Key, and your account username and password. Similarly our API feature allows users to securely transfer bulk data where it is stored in a secured location outside the document root of our Web server, then deleted upon import.
Customer Data Security:
We do not store your credit card number in any way. We use an industry-standard PCI compliant recurring billing feature from Braintree and Authorize.net to handle your credit card transactions. Authorize.net is the Internet's leading payment gateway, and we are certified Authorize.net developers.
MetaLocator works with MediaTemple.net and Amazon Web Services, world class hosting providers with customers including NetFlix, Starbucks Coffee, Sony, Adobe and Volkswagen. They take their data security as seriously as we do and include armed personnel, fire suppression and more.
The software behind MetaLocator.com has been deployed over 1600 times in 62 countries over 2 years. This "life in the wild" has given our developers the time and experience to prove it's security. We practice a "defence in depth" approach to data security, providing multiple levels of protection. Since MetaLocator.com is a hosted service, our proprietary software lessens our attack surface much greater than a distributed application.