Security at Speedyrails

Your data is secure with Speedyrails.

Data Integrity

Your data integrity and security is important to Speedyrails, and we provide a safe and secure place to host your application and related data in compliance with Canadian privacy law.

All physical and virtual servers operate independently and separately from all other servers across our network. We use strict filtering rules so that servers can only communicate using their assigned IP addresses, preventing man-in-the-middle attacks or other malicious activity.

Speedyrails servers use a stateless firewall to prevent unauthorized web traffic. The firewall protects your application by using traffic rule policies, connection based policies, or pattern based policies, to make sure that only legitimate traffic is able to access your server.

Speedyrails also uses brute force detection to read authentication logs to check for failed login attempts, and work with your firewall to prevent attackers from using brute force attacks to gain access to your servers.

Physical Security

Speedyrails uses Cogeco Peer 1 data centers to house our physical equipment. Cogeco Peer 1 provides around the clock security, including video monitoring, restricted access, and 24 hour on-site staff to provide protection against unauthorized access.

Cogeco Peer 1 facilities are independently audited by a third party to ensure full compliance with SSAE 16, CSAE 3416 Type II, and PCI-DSS physical security measures.

Our equipment is stored in locked cabinets and is only accessed by authorized personnel. All cabinet access is logged and regularly audited.

Organizational Security

Employees and contractors undergo background checks before working at Speedyrails. Before starting work, they must agree to confidentiality terms and are briefed on our security practices and procedures.

Only authorized system administrators have access to customer servers to perform scheduled maintenance tasks and on-demand configuration updates. Administrators authenticate their access with unique SSH keys as a standard security practice. Administrators will only access customer data when explicitly requested to do so.

No other staff may access customer data at any time.

Upon employee termination of work at Speedyrails, all access to our systems is immediately removed.

Additional Security Features

Speedyrails can add security measures to further protect your applications:

  • Managed vault clusters to store API keys, application passwords, encryption keys, etc.
  • File system and disk encryption
  • OpenVPN solutions to further secure your servers
  • Cloudflare DDOS protection

For further information about Speedyrails security features, .

Customer Payment Information

Speedyrails partners with Moneris and Stripe to protect your payment information in a PCI compliant secure vault, ensuring your cardholder information is safe. All payment information transmits via an encrypted, secure TLS connection to our payment partners. Your credit card number is never stored by Speedyrails.

Reporting Abuse and Security Vulnerabilities

If you detect possible abuse originating from our network, contact abuse@speedyrails.com. Please include any application or server logs of suspected abusive activity.

To report a security vulnerability, please email us directly at security@speedyrails.com.

Our PGP key for disclosure is F7A3 92C7 156B 63DC 5895 9A87 2D3D 2D9A 74F3 7CC2.

Speedyrails takes security vulnerabilities seriously and would greatly appreciate your help in disclosing any vulnerabilities you may discover in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any security concerns you may have.

Service Partners

Speedyrails partners with other companies for certain services. The following partners provide their own security policies, and can provide details on how they secure your sensitive information.

  • Verizon Digital Media Services
  • Rackspace Email Hosting
  • Let's Encrypt
  • Cloudflare, Inc.
  • OpenSRS