Security Overview

Connect Rocket is proud to celebrate its 15th year in business as a self-financed entity. Operating without external shareholders or debt, we prioritize our commitment to our customers above all else. This unique structure allows us to align our business objectives directly with the protection of customer data. As a testament to our focus on security measures, Connect Rocket has never experienced a data breach.

This document provides a high-level overview of our security practices, controls, and policies, demonstrating our commitment to maintaining reliable applications and safeguarding your data.

Terms & Privacy Policy

For your reference, our Terms of Service can be reviewed at:

Additionally, our Privacy Policy is available at:

Connect Rocket Controls and Security

Access to our production infrastructure is strictly limited to key personnel. The infrastructure is isolated from the internet, permitting HTTPS access solely through the load balancer, with all other access requiring an isolated bastion host. Access to the bastion host is restricted to a whitelist of known IP addresses. We manage HTTPS traffic via a Web Application Firewall, and our Domain Name System (DNS) is hosted and proxied by Cloudflare, enhancing our protective measures.

Connect Rocket has established comprehensive written data security policies that are regularly reviewed and updated to reflect best practices and emerging threats.

Servers & Systems Redundancy

Applications developed by Connect Rocket are hosted with Amazon Web Services (AWS). We ensure data redundancy through instant writing to multiple disks, daily backups, and storage across multiple geographical locations.

AWS’s data centers are engineered to endure and recover from potential failures without compromising service levels. In the case of an outage, automated systems re-route traffic to alternative locations. We adhere to an N+1 deployment standard for core applications, ensuring that traffic can be effectively load-balanced across available sites during outages.

Furthermore, critical system components are backed up across diverse, isolated locations known as Availability Zones, each designed for high reliability and operational independence. This architecture supports seamless failover between Availability Zones, minimizing disruptions.

AWS also ensures that electrical power systems are fully redundant and maintainable without operational interruptions, thanks to back-up power supply systems dedicated to sustaining critical operations during electrical failures. To manage climate control, AWS data centers utilize sophisticated systems that regulate temperature and humidity, thus preventing overheating and potential service interruptions. Continuous monitoring safeguards the optimal functioning of our technical infrastructure.

Fire detection and suppression systems have been installed throughout the data centers, utilizing advanced smoke detection sensors. Water leak detection systems are also in place to mitigate the risk of water damage.

Physical Security

AWS data center physical security begins at the Perimeter Layer. This Layer includes a number of security features, such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Access to AWS data centers is granted only to pre-approved employees. All requests for data center access must be substantiated with valid business justifications, following the principle of least privilege. Requests are meticulously reviewed and must detail the specific areas within the data center for which access is being sought.

Third-party access is similarly controlled, with requests requiring authorization and justification from approved personnel. Permitted visitors must present identification, sign in, and be escorted by authorized staff during their presence on site.

Access controls are rigorously enforced, with regular reviews ensuring that terminated employees have their access revoked promptly. Systems for logging and monitoring physical access activities are in place to enhance security protocols continually.

Physical security measures include Closed Circuit Television (CCTV) monitoring and a system of alarms for unauthorized access attempts or breached entry protocols. Multi-factor authentication mechanisms are required for accessing all secure areas.

Data center assets are meticulously tracked through an inventory management system, ensuring that possession, status, and maintenance needs are monitored throughout their lifecycle. Storage devices containing customer data are classified as critical assets and managed according to stringent standards. When decommissioning media, AWS adheres to guidelines established by NIST 800-88 to ensure complete data destruction.

Data Encryption, Storage and Deletion

All data transmitted within the AWS network and to the public internet is encrypted using SHA-256 with RSA encryption. Backups of this data are encrypted with AES-256 protocol and conducted nightly, with all data being stored in Canada under robust AES-256 encryption at rest.

Customer content will become inaccessible immediately upon account cancelation, with data only remaining in our backups. Any data stored in backups will be retained for a maximum of seven (7) days, thereafter all data will be removed from our systems.

Incident Handling and Recovery

Our organization prioritizes dynamic incident handling and recovery protocols. We conduct regular recovery drills to ensure preparedness across staging and production environments, reinforcing our commitment to swift and effective incident resolution.

Infrastructure Updates

Connect Rocket is dedicated to the proactive assessment of both electronic and physical vulnerabilities. Our teams implement necessary patches, updates, and architectural modifications to address potential security threats promptly and effectively.

Code and Application Monitoring

Code is reviewed using static analysis tools which highlight any deviation from security best practices and known vulnerabilities. Other tools regularly check third party libraries to ensure no known vulnerabilities are introduced into our Production environment.

We utilize various advanced application monitoring tools to maintain oversight of our applications, networks, and servers, ensuring optimal performance and rapid response to any anomalies.

Payment Data

Connect Rocket has selected Stripe Inc., a PCI Service Provider Level 1, the highest certification for payment processing. As a result, we do not handle or store any customer credit card data, ensuring enhanced security for our clients.

Report a Problem & Bug Bounty

We encourage clients and users to report any potential issues or vulnerabilities they may encounter. Our Bug Bounty program quickly rewards responsible disclosure, promoting collaboration in strengthening our security measures. To file a report, please contact us and provide a brief overview of your concern. Our CTO will review the report and follow-up within 24 hours to advance the process.

Closing

At Connect Rocket, security is not just a feature—it's our fundamental commitment. We continuously evolve our security practices to stay ahead of emerging threats and protect what matters most: your data and trust.