Security FAQs

Common questions asked regarding Security at WebMaxy:


Where is my data stored? #

As a WebMaxy user, your data is stored in our secure cloud environment, hosted by Amazon Web Services. The data is geographically located in the us-east-1 region, North Virginia. Read more about our Cloud Security.

Back to top

What network controls has WebMaxy implemented to protect the data it stores? #

Data in transit between end-users and WebMaxy’s cloud environment is encrypted using HTTPS over TLS 1.2. This is verifiable by an independent check that can be performed via SSL Labs. Read more on our Networking Security Controls.

Back to top

What physical controls has WebMaxy implemented to protect the data it stores? #

WebMaxy is hosted in a nondescript data center location that utilizes a number of managed, physical and automated measures to prevent unauthorized access to its facilities. Read more about the physical security of WebMaxy.

The data center has appropriately mitigated the risks of fire and water damage. You can read more about the environmental controls in place.

What organizational controls does WebMaxy have in place? #

Our Information Security Policy is the overarching collection of policies WebMaxy implements to ensure the confidentiality, integrity, and availability of the data we store.

More detail on our policies, procedures, and standards can be found here.

Back to top

Do you run a bug bounty program? #

Yes, we currently have a private bug bounty program, hosted by HackerOne. We encourage all industry experts and researchers to partner with us to disclose vulnerability responsibility via this platform.

Back to top

Are we able to conduct our own penetration testing or security assessment scanning of WebMaxy? #

We have found that it is almost impossible to recognize simulated security assessments from that of genuine threats. As such, we coordinate our own annual security assessments. The details of our latest assessment can be found here.

Back to top

How frequently does WebMaxy run privacy and security training? #

Security and privacy training is provided to all new team members during their onboarding. The training aims to provide a baseline understanding within the context of WebMaxy, its values and how we appropriately implement controls to help protect WebMaxy and the data we store.

Back to top

What monitoring and testing controls have been implemented for the detection of suspected incidents? #

WebMaxy has extensive monitoring and alerting tools that provide near real-time monitoring to on-call engineers. In the event of an incident, our Incident Response Management Plan will be initiated.

Back to top

Does WebMaxy have a Secure Development Coding Lifecycle? #

WebMaxy has implemented a robust application assessment process that includes a number of key security checkpoints throughout the pipeline. More details of this can be found in WebMaxy Coding Guidelines.

Back to top

Does WebMaxy have a status page? #

Yes, our status page can be found here.

Back to top

Copyright @ 2022 WebMaxy | All rights reserved.