Security

Security

Our commitment to protecting your data and online assets.

Data Integrity

Your data integrity and security is important to Speedyrails™. We provide a safe and secure place to host your application or website and related data in compliance with Canadian privacy law.

All physical and virtual servers operate independently and separately from all other servers across our network. We use strict filtering rules so that servers can only communicate using their assigned IP addresses—preventing man-in-the-middle attacks and other malicious activity.

Speedyrails™ servers use a stateless firewall to prevent unauthorized web traffic. The firewall protects your application or website by using traffic rule policies, connection-based policies, or pattern-based policies to make sure that only legitimate traffic is able to access your server.

Speedyrails™ also uses brute force detection to read authentication logs to check for failed login attempts, and we work with your firewall to prevent attackers from using brute force attacks to gain access to your servers.

Physical Security

Speedyrails™ uses Aptum (https://aptum.com/) datacenters to house our physical equipment. Aptum provides around-the-clock security including video monitoring, restricted access, and 24-hour on-site staff to provide protection against unauthorized access.

Aptum's facilities are independently audited by a third party to ensure full compliance with SSAE 16, CSAE 3416 Type II, and PCI-DSS physical security measures.

Our equipment is stored in locked cabinets and is only accessed by authorized personnel. All cabinet access is logged and regularly audited.

Organizational Security

Employees and contractors undergo background checks before working at Speedyrails™. Before starting work, they must agree to confidentiality terms and are briefed on our security practices and procedures.

Only authorized system administrators have access to customer servers to perform scheduled maintenance tasks and on-demand configuration updates. Administrators authenticate their access with unique SSH keys as a standard security practice. Administrators will only access customer data when explicitly requested to do so.

No other staff may access customer data at any time.

Upon employee termination of work at Speedyrails™, all access to our systems is immediately removed.

Additional Security Features

Speedyrails™ can add security measures to further protect your applications:

  • Managed vault clusters to store API keys, application passwords, encryption keys, etc.
  • File system and disk encryption
  • OpenVPN solutions to further secure your servers
  • Cloudflare DDoS protection

For further information about Speedyrails™ security features, please contact us.

Customer Payment Information

Speedyrails™ partners with Moneris and Stripe to protect your payment information in a PCI compliant secure vault, ensuring your cardholder information is safe. All payment information transmits via an encrypted, secure TLS connection to our payment partners. Your credit card number is never stored by Speedyrails™.

Reporting Abuse and Security Vulnerabilities

If you detect possible abuse originating from our network, contact abuse@speedyrails.com. Please include any application or server logs of suspected abusive activity.

To report a security vulnerability, please email us directly at security@speedyrails.com.

Speedyrails™ takes security vulnerabilities seriously and would greatly appreciate your help in disclosing any vulnerabilities you may discover in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any security concerns you may have.

Service Partners

Speedyrails™ partners with other companies for certain services. The following partners provide their own security policies and can provide details on how they secure your sensitive information. Please read our Privacy Policy for more information and for an up-to-date list of our service partners.