All of our data is stored on a cloud-based server and database that is PCI Level 1 compliant and backed up daily. All uploaded images and files are stored with Amazon Web Services (AWS) S3 cloud storage.
Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
Databases are encrypted at rest with AES-256, block-level storage encryption. All database backups are stored in an encrypted S3 bucket in the US region and we use a wildcard SSL to protect all data in transit.