Who has access to my data?
We utilise Amazon's AWS infrastructure.
AWS data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems, and other electronic means. Authorised staff must pass two-factor authentication a minimum of two times to access data centres floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorised staff. AWS only provides data centres access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centres by AWS employees is logged and audited routinely.
Support and engineering staff have root access to the system. Although they can technically access any unencrypted file in its raw format, we do not utilise this level of access. On top of this MyEDiary encrypts all sensitive data stored on the server.
We use industry standards on passwords, enforced 2FA to our platform, and control accessibility through a VPN connection to those who are remote.
Only authorised employees of MyEDiary have access to the servers and database. Access is granted via an SSH session with a unique key, username and password.