Security Overview

We protect your data.

All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Your data are sent using HTTPS.

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.

Any files which you upload to us are stored and are encrypted at rest. Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted using GPG.

Full redundancy for all major systems.

Our servers — from power supplies to the internet connection to the air purifying systems — operate at full redundancy. Our systems are engineered to stay up even if multiple servers fail.

Sophisticated physical security.

Our state-of-the-art servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.

We protect your billing information.

We have a team dedicated to maintaining your account’s security on our systems and monitoring tools we’ve set up to alert us to any nefarious activity against our domains. To date, we’ve never had a data breach.

We also audit internal data access. If an ABG employee wrongly accesses customer data, they will face penalties ranging from termination to prosecution. Again, to our knowledge, this hasn’t happened.

We have processes and defenses in place to keep our streak of 0 data breaches going. But in the unfortunate circumstances someone malicious does successfully mount an attack, we will immediately notify all affected customers.

Over 10 years in business.

We’ve been around the block and we’ve seen a lot of companies come and go. Security isn’t just about technology, it’s about trust. Since 2014, we’ve worked hard to earn the trust of over hundreds of thousands of companies world wide. We’ll continue to work hard every day to maintain that trust. Longevity and stability is core to our mission at ABG.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please visit our security response section for details on how to securely submit a report.

Security Response

We appreciate your concern

Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems

If you are a customer and your account is under an attack such as hacking or mailbombing, send us an email at support@myswansong.com. We will respond within two hours and work with you to counter the attack.

Report security vulnerabilities via security@myswansong.com. We’ll review your report and get back to you as soon as we can, usually within 72 hours. Please email our Security team if you have questions about the bug bounty program or don’t hear back from us on HackerOne in a timely manner.

For other urgent or sensitive reports, please email our Security team. We’ll respond as soon as we can.

For requests that aren’t urgent or sensitive: submit a support request.

Tracking and disclosing security issues

We work with security researchers to keep up with the state-of-the-art in web security. Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

  • We’ll acknowledge your report.
  • We’ll triage your report and determine whether it’s eligible for a bounty.
  • We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until they’ve been fully investigated and patched, but we’ll work with you to ensure we fully understand severity and impact.
  • Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.

Our products are built on the Ruby on Rails framework (which we created and maintain). The issue you reported might affect Rails, Ruby, or some other part of our technology stack. We ask for your patience while we also make sure other companies and their customers are protected. Either way, you’ll always have a ABG contact for your issue.

Thanks for working with us

Adapted from the Basecamp open-source policies / CC BY 4.0

* This policy and process applies to any product created and owned by American Brokerage Group, Inc. and includes My Swan Song (together, "ABG").