Security and Privacy
Data centers and security measures
PagerTree’s primary data and servers are hosted at Fly.io (Seattle, USA region).
The Fly.io infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure Fly.io data centers. For a detailed overview of all security and privacy measures, see the Fly.io Security page.
Additional security measures
- Data center security: The data centers we use demonstrate ongoing compliance with rigorous international standards, such as SOC2 Type 1.
- Confidentiality agreements: Employees, contractors, and agents are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
- App security: All access to the PagerTree interface is secured over SSL (HTTPS), ensuring the information is encrypted. Our SSL configurations are regularly and automatically scanned to ensure we can quickly remediate any vulnerabilities discovered, such as Heartbleed. Additionally, we provide both TLS and HTTPS connections to the PagerTree SMTP and API services, ensuring emails sent to the service are encrypted. Account passwords are encrypted in the PagerTree database, preventing even our own staff from viewing them. We offer a method to recycle API keys at any time in the PagerTree interface.
- Fully redundant servers for the API, SMTP, Inbound, and Web interface.
- Secure protocols (SSL / TLS) across the web, API, and SMTP endpoints.
- Separately hosted Help system and Public site.
256-bit SSL encryption on the web app and payment processing.
- All passwords are stored using one-way cryptographic hashing functions.
- We run a dedicated environment behind redundant firewalls and switches.
- Hardened and patched OS with frequent security updates.
- External monitoring and audits by highly respected security firms.
- For even more detailed information about our security practices, you can review this help doc.
As described on our pricing page, PagerTree collects and retains content and metadata for up to 1 year to allow customers to access their full alert and notification history. After 1 year, alert and notification data is removed from our system.
Vulnerabilities that directly affect PagerTree's systems and services will be patched or otherwise remediated within a timeframe appropriate for the severity of the vulnerability, subject to the public availability of a patch or other remediation instructions.
- Critical: 24 hours
- High: 1 week
- Medium: 1 month
- Low: 3 months
- Informational: As necessary
If there's a severity rating that accompanies a vulnerability disclosure, we'll generally rely on that as a starting point but may upgrade or downgrade the severity in our best judgment.