TeachBoost stores critical information for our customers—highly sensitive employment records, notes, ratings, and documents that must always remain protected. We go to great lengths to protect the security of your accounts, data, and users, and we're always looking for ways to improve and harden our practices.
Continue for our growing list of account and data security practices, or learn how to submit a security issue that you've identified.
All of our systems run the latest stable versions of Debian on machines hosted at our data center, Linode, and we take great care in staying current on our foundational software releases and security patches.
Much of our software uses open source databases, server software, and other libraries with a track record of stable, secure, and well-tested releases. Some of these include MariaDB and Elasticsearch, NGINX, and frameworks like Laravel, and we review each new version prior to updating our dependencies. We maintain close to 100% code coverage via unit testing and every update we make to our prouction servers has a multipoint code review.
Security and privacy mindfulness are part of our culture and represent themselves throughout our development process. We only ever request as many user privileges, add dependencies, and share data as minimally necessary.
All customer data is stored with at least dual redundancy and we've designed our data storage for nearly 100% long term durability. All long-term database backups are stored on encrypted drives outside of our application storage pool and network.
We also employ a number of server monitoring and protection tools to prevent and mitigate against various types of threats, like denials of service, server intrusion, SPAM, and password cracking. We use Monit to monitor all of our machines and alert our team to potential issues, and we keep detailed server logs for at least 30 days.
Our infrastructure runs inside data centers managed by Linode in New Jersey and Amazon Web Services in Virgina, both of which feature modern, state of the art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is restricted and they are monitored by professional security personnel.
All of our offices are in modern, shared office environments equipped with access control, intrusion detection, and video surveillance systems. Our laptops and desktops use hard disk encryption and any local backups of user data, if necessary, are always located in secure places.
We fully appreciate the efforts of software security researchers who work to make the Internet more secure. If you find issues or vulnerabilities with our own software or content websites, we very much encourage you to report it securely to us taking the following precautions.
We respectfully ask that you do not publically disclose any bug or vulnerability that you discover or are made aware of.
While we don't currently have an established bug bounty or reward program and cannot promise compensation for every report, we reserve the right to offer payment at our discretion.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOxELuaLnVfxbhsFeNE1p3H0M1twpBGTAuv6hqavFd54/FsDnb7FysA7pH3ogkGXLrhfsGRxlYGqtPhThAIwSYVhLy3bPVtPNA/DT5k3GzVJWvuttmpyCcbyPTkLODNprD5WTqEfcEZaQj3GHJP5XBToVLu5WdqXMXi5aI1q7PxT4cA7zbewA9VWBY2Pd3mDLKIr9oaMdk1p1ythTRdhnYKogYfbPGORGuzySS203y7NizS1INdOsSP1nBXMKnmOap4ZFrRoQaW9WBxqz/dHiZ8aHJnVj6Kaq6W+moBsi1nTwXixWQrWr8QccxYt6r0sIiqx1PxtAZVdJGo6YbiU32oW8RIj6suOGR/yNwfUhUGjv+oN6BHA8Eo4CR6e/y9l9yGXLfnGZ9JHqQE+jbEBcSICC6ROg0DCBCsWWXs3Je1Aj9VtDOOE+82AaNVHnG7zKhm2HqNRHs31Mtw52YkvxGFkw/uHDRpl1zQ1HmjGfUH4hhXraGilYvNH5Hx9CSwcq90SEXdV1j2ik+ueXXV2npxnV+9I+wknfhoTNnuAsvlc1A+6ZWBi1MpmjbbzSY89oco8oN13rzvLmPLIXsPoNjSI0WfidibHhNPYVrFyfG0wZABVdYyv2wRGD9z2r7YHaI6VEPCFH3IKDYKA2/wJruqJ8qwJ53tYLx8WorPbwExQ== firstname.lastname@example.org
-----END PGP PUBLIC KEY BLOCK-----