Security response.

Keeping customer data safe and secure is a huge responsibility and our top priority. We always welcome all your input and feedback on security issues.

Found an issue?

We really appreciate your concern, and would like to assure you that we treat all security issues with the highest priority and utmost seriousness.

We ask for your patience while we make sure that your issue has been properly rectified. Should there be a need, we will also notify upstream projects of flaws that may affect other users of their projects.

Reporting security problems

Send urgent or sensitive reports directly to security@alces-flight.com. We'll get back to you as soon as we can, usually within 24 hours. Please follow up if you don't hear back from us. For requests that aren't urgent or sensitive, please contact Alces Customer Support.

Tracking and disclosing security issues

If you have discovered a web security flaw that might impact our products, please let us know. If you submit a report, here's what will happen:

  • We will acknowledge your report and give you means to track the progress of your issue.
  • We will investigate the issue and determine how it impacts our products. We won't disclose issues until our investigation is finished, but we will work with you to ensure we fully understand the issue.
  • Once the issue is resolved, we'll release a security update along with thanks and credit for the discovery.

We use a variety of technology to provide our services, including the widely used Ruby-on-Rails framework and React JavaScript library. Security issues may affect any of the various technologies we use. We ask for your patience while we also make sure other companies and their customers are protected. In any case, you will always have a contact at Alces Flight who will be directly responsible for ensuring that your issue is addressed.

Security overview

We take security seriously. The security precautions we take include:

  • All communication between the client (your web browser) and our servers takes place over SSL-encrypted channels.
  • All communication between the client (your web browser) and your compute environment takes place over SSL-encrypted channels.
  • All communication between your compute environment and our servers takes place over SSL-encrypted channels.
  • Account passwords undergo salted password hashing before being stored; nobody can access an unencrypted view of your password.
  • All server data is backed up on a regular basis.
  • We actively monitor all major security announcement channels. Security updates for third party components are applied as soon as is practicable after a security announcement has been made.