Security

We know your data is extremely important to you and your business, and we're very protective of it.

Physical Security

  • Data center access limited to data center technicians and approved Rime staff
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24x7 onsite staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain low profile
  • Physical security audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions

Operational Security

  • Data center operations are regularly audited by independent firms against a SOC 1/SSAE 16 (or equivalent) standard
  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures
  • Independently audited disaster recovery and business continuity plans in place for Rackspace headquarters and support services

Software Security

We employ a team of 24/7/365 server specialists at Rime to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.

Communications

All private data exchanged with Rime is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance). All pushing and pulling of private data is done over SSH authenticated with keys, or over HTTPS using your Rime username and password.

The SSH login credentials used to push and pull cannot be used to access a shell or the filesystem. All users are virtual (meaning they have no user account on our machines) and are access controlled through the peer reviewed.

File system and backups

Every piece of hardware we use has an identical copy ready and waiting for an immediate hot-swap in case of hardware or software failure. Every line of code we store is saved on a minimum of three different servers, including an off-site backup just in case a meteor ever hits our data centers (we'll keep our fingers crossed that doesn't happen). We do not retroactively remove data from backups when deleted by the user, as we may need to restore the data for the user if it was removed accidentally.

We do not encrypt data on disk because it would not be any more secure: the website and Rime back-end would need to decrypt the data on demand, slowing down response times. Any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our machines and network as secure as possible.

Employee access

No Rime employees ever access private data unless required to for support reasons. Staff working directly in the file store access the compressed Rime database; your code is never present as plaintext files like it would be in a local clone. Support staff may log into your account to access settings related to your support issue. In rare cases staff may need to pull a clone of your code; this will only be done with your consent. Support staff do not have direct access to clone any data; they will need to temporarily attach their SSH key to your account to pull a clone. When working a support issue we do our best to respect your privacy as much as possible, and we only access the files and settings needed to resolve your issue. All cloned data are deleted as soon as the support issue has been resolved.

Maintaining security

We protect your login from brute-force attacks with rate limiting. All passwords are filtered from all our logs and are stored in the database as one-way bcrypt hashes. Login information is always sent over SSL.

We have full-time security staff to help identify and prevent new attack vectors. We always test new features to rule out potential attacks, for example by XSS-protecting wikis and ensuring that Pages cannot access cookies.

Contact Us

Have a question, concern, or comment about Rime security? Please email support@rime.co.