High Mobility's data platform is primarily hosted in AWS
, giving us access to the benefits they provide their customers such as physical security, redundancy, scalability and key management.
In addition to the benefits provided by AWS, our application has additional built in security features:
- Role based permissions
- Data segregation
Customer Data and Privacy
High Mobility stores the following customer data in its cloud:
- Name (mandatory)
- Email address (mandatory)
- Payment history and invoices (credit card data is stored and processed by Stripe)
- Phone Number
- Billing address
- Location (city, country)
SSL Encryption is used throughout High Mobility to protect public and non-public data from unauthorised access.
All communication between High Mobility users and the our web application is encrypted-in-transit while using the application. All databases and database backups are encrypted at rest.
Customers can request all of their data, or have it deleted by sending an email to: email@example.com
as long as it is not subject to a legal hold or investigation.
Once an account or project is deleted, all associated data (account settings, etc.) are removed from the system within 24 hours. This action is irreversible.
Access to Data
Customer data is limited to only those with roles that require access to perform their job duties. An example of this is our Support team.
Access to our data platform administrator panel is strictly given on an individual basis. The admin panel allows to see registered customers and applications. With elevated permissions, it’s also possible to trigger sensitive operations such as account suspension. Any such “write” operation within the admin panel needs the explicit consent from one other admin with the same access permissions.
Pentesting and Security Scans
High Mobility conducts pentests at least annually. In addition to regular pentesting, we also use scanning tools to monitor and detect vulnerabilities.
If you believe you have discovered a vulnerability within High Mobility’s application, please submit a report to us by emailing firstname.lastname@example.org
. We do not participate in a bug bounty program at this time, nor do we provide monetary rewards for findings.
If you believe your account has been compromised or you are seeing suspicious activity on your account please report it to: