We would like to thank you for considering UserNurture as your training software provider. While we are a very small team, we take security very seriously and aim to provide you the same top level of service as any other provider.
This document covers our security practice and policies. If you are interested in reviewing the data we collect and store, please take a look at our security policy.
What is UserNurture?
UserNurture is a technology startup based in the US.
Where is UserNurture hosted?
We are hosted on Amazon Web Services. Cloudflare provides CDN, DNS, and DDoS protection.
Customer data is stored in U.S. data centers. Some data (Html pages & assets) may be cached in other geographies by our CDN.
Is customer data encrypted?
All customer data is encrypted at rest and in transit.
We are using Https to encrypt all traffic served to end-users. At rest on AWS encryption is done using an industry-standard AES-256 encryption algorithm
How are users authenticated?
By default, all customer data, unless explicitly public, can only be accessed by authenticated users with valid permissions.
3rd party services that process data
Stripe for Payments
Google Analytics for Analytics
Amazon Web Services for hosting
UserNurture is a small team supplemented with contractors. Our contractors sign an NDA before gaining access to sensitive information. Contractors are given the lowest level of privilege required to complete their tasks, which rarely includes access to production data.
Administrators for each account have the opportunity to invite additional team members (administrators) or their customers/team members (learners) using a uniquely generated invite link to access the platform. As a part of that onboarding process each administrator or learner must set his or her own password.
Software Development practices
All code created by developers must be approved and test by our team member before being committed to production. This code is tested in our staging environment before being deployed.
Our backend server is hosted on Amazon Web Services.
Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Any further questions?
Please email us at [email protected] and we’ll happily provide you an answer and update this document accordingly.