At Samewave we take data security and integrity very seriously. The Samewave application is built with Ruby on Rails (RoR) and JavaScript (JS). It uses Service Orientated Architecture (SOA) and Client Side framework models, whereby each part of the application is architecturally separate and all data is stored on secure servers. The Client Side framework model ensures that no data is stored locally on users' devices; instead, it is all transmitted on request via SSL 256 bit secure connections from Samewave’s secure servers to the user's device during an active session.

Those active sessions are further secured by regularly rotating authentication keys within the session cookies, based on the user's unique Samewave account, from the core Samewave API to the user's device, preventing any possibility of man-in-the-middle attacks or other breaches between the client and the server.

Samewave’s servers are hosted with Heroku, a highly respected Platform-As-A-Service (PaaS) provider. Through Heroku we benefit from their stringent, industry-standard security compliance, including: ISO 27001, SOC1 and SOC2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX) and SSL 1048 bit. In addition, Heroku has a range of vulnerability management, environmental safeguards, and network, data and system security measures in place. For more detailed information please refer to their security policy here: https://www.heroku.com/policy/security.

We aim to keep our service safe for everyone and we abide by responsible disclosure principles. If you are a security professional and have discovered a security vulnerability in Samewave, we greatly appreciate your help in disclosing it to us in a responsible manner, and we will respond to any such disclosures within 24 hours.
