How do you mitigate security vulnerabilities? Systems are managed such that security vulnerabilities can be mitigated via centrally managed patch repositories and configuration compliance mechanisms. Routine vulnerability scans and internal/external penetration tests are performed to expose any lapses in preventative application access controls. Security patches are prioritized and applied within 24 hours when possible. We allow our enterprise customers to engage third parties to conduct pen tests on their dedicated RELAYTO environment. How does your patching test and deployment work? Patches (e.g. hotfixes) go through a very similar process as the rest of our product releases. The fixes are reviewed by another developer and functionally tested by QA. Depending upon the fix, we will then test the fix on our stage environment. If that all passes, then we deploy to production. Can RELAYTO be affected by DDOS attacks? RELAYTO has partnered with Cloudflare, the leader in Web Performance and Security on the Web in order to protect ourselves from DDOS attacks. We benefit from the Cloudflare network and experience of mitigating DDOS attacks. Technical excerpt from Cloudflare website: Cloudflare’s advanced DDoS protection, provisioned as a service at the network edge, matches the sophistication and scale of such threats, and can be used to mitigate DDoS attacks of all forms and sizes including those that target the UDP and ICMP protocols, as well as SYN/ACK, DNS amplification and Layer 7 attacks. Cloudflare is one of the largest DDoS protection networks in the world. It offers flat-rate DDoS protection based on Anycast technology and has successfully mitigated attacks bigger than 400Gbps. Can I use RELAYTO on premise? RELAYTO does not offer an on premise solution at this moment. If you are interested exploring enterprise hosting options, please contact [email protected] Do RELAYTO employees access customer data? RELAYTO does not access customer data or customer environments as part of day-to-day operations. When customers request support, authorized RELAYTO employees are able to view customer data and will only do so when specifically requested or when required such as making recommendations to improve document experience, give design suggestions, and so forth. All RELAYTO employees are trained and understand that customer data privacy and confidentiality is paramount, and under no circumstances is customer data ever disclosed to a third-party. 41 of 52