Product security is of utmost importance at Millie. Millie uses an Agile software development lifecycle, so when security effort is applied throughout our Agile release cycle, we can discover and address security-oriented software defects more quickly. We are continuously releasing software updates to ensure the best product experience and product security. At times, we may need to schedule a service window although we try our best to make changes as soon as possible without friction in the user experience.
Throughout our software development process, code and configuration changes are reviewed thoroughly. We test with a quality assurance process before deploying new code. This ensures a consistent experience throughout the platform.
Millie’s production infrastructure is hosted in Cloud Service Provider (CSP) environments including Heroku (hosted by Amazon), AWS, and Google Cloud Platform. All physical and environmental security-related controls for Millie production servers, which include buildings, locks or keys used on doors, are managed by these Cloud Service Providers.
Heroku + Amazon Web Services:
“Heroku utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.”
Google Cloud Platform:
“Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection. Our data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are available in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training. As you get closer to the data center floor, security measures also increase. Access to the data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter.”
Millie uses internal services that require transport-level security for network access.
All Millie employees are required to participate in helping secure our customer data and company assets.
The Millie platform is compliant with data protection laws and regulations applicable to the services we provide.
Millie is compliant with the General Data Protection Regulation (GDPR). We continue to improve our products and procedures to meet the GDPR obligations as a data processor.
Users must authenticate with a verified email address and password which is stored and encrypted in Firebase, a Google Platform product. Companies set controls over which users have administrative access to their company account.
Any data submitted to the Millie platform or service by authorized users is considered confidential. This data is protected in transit across public networks and encrypted at rest. All customer data is not authorized to leave our production service environment, except in very limited circumstances, like in support of a customer request.
All data transmitted between Millie and our users are protected using Transport Layer Security (TLS). If encrypted communication is interrupted the Millie application is inaccessible.
Millie utilizes Heroku as our database provider which utilizes encryption at rest. Access to Customer Data is limited to functions with a business requirement to do so.
If you think you’ve discovered a bug in Millie’s security, please send us an email at firstname.lastname@example.org and we will get back to you within 24 hours.