Security

(Last updated July 23, 2020)


1. DATA SECURITY POLICIES
All data stored on Goldcast is encrypted at rest using industry standard encryption standards like AES-256 at rest. All external access to Goldcast is additionally encrypted in-transit using SSL/TLS. Finally, Goldcast ensures a secure deletion process, so all customer data is completely deleted upon a client's request or automatically following contract termination.

2. NETWORK SECURITY POLICIES
We have strong firewall policies to detect and prevent bad actors from accessing Goldcast resources. Additionally, quarterly penetration tests are run by an external firm to highlight security vulnerabilities, and a bug bounty program is in place to reward external researchers that notify Goldcast of any other possible vulnerabilities. Finally static code analysis tools are used to find possible security flaws in code before they go into a production environment.


3. ACCESS CONTROL
All Goldcast employees must pass background checks to screen employees before hiring, and are given thorough formal training in security best practices. We follow the principle of least privilege when granting permissions in our system which means that very few employees (and no contractors) have access to customer data. Finally, we have fine-grained logging of all data access in our system, and conduct periodic reviews of access levels.

4. UPTIME AND AVAILABILITY
We know how important it is for a virtual events platform to stay online before, during and after events, and we strive to have 99.99% uptime for all of our services. We maintain a status page that shows our uptime.

5. QUESTIONS
For any questions about our security or to report any incidents or system failures, please contact support@goldcast.io