Security Overview

We believe that an agency help desk and client portal software is a critical part of your business and we take security of customer data extremely seriously. We host ManyRequests using comprehensively hardened infrastructure-as-a-service (IaaS) platforms from Amazon Web Services.

In addition, ManyRequests provides a full suite of tools and features which enable businesses to manage exactly what data ManyRequests records and stores.

Key point: you control what data ManyRequests records and stores.

Accessing any ManyRequests data is restricted to authorized users that are authenticated using the AWS standards-based Identity Provider. These passwords are encrypted one-way with PBKDF2-SHA256 encryption method and kept securely on AWS database servers. All identity and access management is done directly with these servers and there is no way for ManyRequests to know to know a user’s password as they’re encrypted at signup time.

ManyRequests supports multiple permission levels for internal users and client users. Permission level changes can only be made by admins (internal admin users and client admin users).

ManyRequests production data is processed and stored within world-renowned data centers that use state-of-the-art multilayer access, alerting, and auditing measures. ManyRequests does not own any physical servers. 100% of the data is processed and kept on servers provided by AWS.

All ManyRequests servers and structured datastores use managed infrastructure services provided and secured by Amazon. Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.

All persistent data is encrypted at rest using industry-standard AES-256 algorithms.

All changes to source code are subject to automated testing and any that affect security require pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.

All code is deployed to a staging environment for quality assurance and automated tests must pass prior to updating production services.

ManyRequests’ infrastructure utilizes multiple and layered techniques for increasingly reliable uptime, including the use of load balancing and task queues. ManyRequests uses highly redundant datastores, rapid recovery infrastructure, and point-in-time backups making unintentional loss of customer data very unlikely.

All ManyRequests servers use Digital Ocean and AWS backed infrastructure which provide load balancing, auto-scaling, and application health monitoring to ensure the application is always running reliably.

On the client side, ManyRequests uses several techniques to ensure the security of the application including JSON web tokens for managing sessions and using secure cookies.

We use Stripe for payment processing and do not store any credit card information. Stripe is a trusted, Level 1 PCI Service Provider. Learn more.