We are constantly taking the proper precautions to safeguard data, and in the unlikely event of a crash or breach, all data is backed up remotely each day. Our data is stored on a cloud-based, encrypted server and database that is PCI Level 1 compliant and backed up daily. All uploaded images and files are stored with Amazon Web Services (AWS) S3 cloud storage. Unlimited IP address restrictions are available within our platform for another level of content security.
Looking for more detail?
Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under:
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
Databases are encrypted at rest with AES-256, block-level storage encryption. All database backups are stored in an encrypted S3 bucket in the US region 🔐