Security Overview

See why the world’s top institutions and companies trust FirstIgnite.

Customer data security and privacy are top-of-mind at FirstIgnite. Every day, dozens of public and private entities trust our team and our technology to execute meetings, share confidential information, sign agreements, and transact payments. The content on this page outlines measures we have in place to keep customer data safe and to operate our services efficiently.

Access control and organizational security

Personnel

All of our employees and contractors sign confidentiality agreements before gaining access to our systems, software, data, and code. Each person at FirstIgnite is trained and made aware of security concerns around access and best practices for our systems.

Regular reviews and testing

Our software infrastructure is updated regularly with the latest security patches. We employ manual and automated testing throughout our development pipeline so that we are aware of potential vulnerabilities before any updates are deployed to production.

Team responsibilities

Our backend engineering team is responsible for security, infrastructure, and performance, and is in charge of access/identity management and log file management. Their responsibilities include:

  • Reviewing all changes to the code and infrastructure to ensure they follow best practices and security guidelines (such as OWASP)
  • Building and operating FirstIgnite’s infrastructure, including logs, monitoring, and authentication
  • Reviewing, testing, and designing incident response processes
  • Responding to alerts triggered by any security events
  • Monitoring and alerting on anomalous activity
  • Coordinating vulnerability testing with external security researchers

Incident management and disaster recovery

Redundancy

Our entire infrastructure is hosted in the cloud, and all user data is redundant. Files uploaded by our customers are stored on servers that utilize cutting-edge technology to eliminate bottlenecks and points of failure.

Backups

We perform multiple backups per week of all databases and files. Our backups are encrypted and stored safely by our cloud provider. We have procedures for responding to incidents managed by our engineering team. In the event of an incident, we contact impacted account owners and work with them closely until the issue is resolved.

Hosting Architecture

FirstIgnite is hosted on Amazon Web Services (“AWS”) in the United States of America and protected by the security and environmental controls of Amazon. The production environment within AWS where the FirstIgnite Services and Customer Data are hosted is logically isolated in a Virtual Private Cloud (VPC). Customer Data stored within AWS is encrypted at all times. AWS does not have access to unencrypted Customer Data. More information about AWS security is available at https://aws.amazon.com/security/ and https://aws.amazon.com/compliance/shared-responsibility-model/. For AWS SOC Reports, please see https://aws.amazon.com/compliance/soc-faqs/.

Third Parties

We partner with trusted service providers to operate our platform and provide functionality like calendar integration, video meetings, and other communications.

Nylas

We use Nylas to allow users to connect their calendars with FirstIgnite to streamline meeting scheduling. Nylas is a Google and Microsoft verified partner and is certified in the latest security standards including SOC 2 and GDPR. You can access their security overview here.

Zoom

We partnered with Zoom, allowing for video and dial-in meetings to take place on the platform. Zoom is trusted by over 300 million users every day, and is globally certified in SOC 2, CSA STAR Level 2, ISO 27001, and others. You can view their security overview here.

Stripe

We integrate with Stripe to support payments and payouts on the platform. FirstIgnite does not store any sensitive payment data. Stripe is a PCI Level 1 Service Provider, which is the most stringent level of certification available in the payments industry. Their security docs are available here.

Plaid

We use Plaid in conjunction with Stripe so that users can easily and securely link their bank accounts to be used for payments and payouts. Plaid is certified in both ISO 27001 and ISO 27701, and is SOC 2 compliant. You can find more details here.

Encryption In Transit and At Rest

Encryption in transit

All internet traffic between our servers and your device is encrypted with SSL/TLS using the latest encryption protocols. We require HTTPS on all requests, use HTTP Strict Transport Security, authenticated origin pulls, and perform browser integrity checks to prevent MITM attacks and cookie hijacking.

Encryption at rest

We employ military-grade encryption (AES-256) and tamper-proofing mechanisms on sensitive user data, including chat messages and files that are shared on the platform, to protect data integrity in the event of a breach. Non-sensitive information is not encrypted when stored but is saved to a database on an encrypted instance.

Have a concern? Want to learn more?

Please send us a note here. We’re happy to help in any way we can.