Security Policy

Your security is very important to us! Here is a summary of what we do every day to keep your data safe with Ricemill and to apply security best practices.

Backups

  • We keep full backups of our database for up to 7 days.
  • Automated backups are performed by Amazon RDS.
  • You can also download manual backups of your live data at any time using the export functionality within Ricemill.

Data Security

  • You own all of your data. It is stored on our database system hosted on Amazon RDS, which is backed up regularly. We also run multiple servers for load balancing and redundancy, so if one server fails, another takes over seamlessly.

Password Security

  • Customer passwords are protected with a PHP encryption algorithm.
  • Ricemill staff do not have access to your password and cannot retrieve it for you; if you lose it, the only option is to reset it.
  • Login credentials are always transmitted securely over HTTPS.

Staff Access

  • Ricemill support staff may sign into your account to access settings related to your support issue. For this they use their own special staff credentials, not your password (which they have no way to know).
  • This special staff access improves efficiency and security: they can immediately reproduce the problem you are seeing, you never need to share your password, and we can audit and control staff actions separately!
  • Our support staff strives to respect your privacy as much as possible, and only access files and settings needed to diagnose and resolve your issue.

System Security

  • All Cloud servers are running Amazon Linux AMI with up-to-date security patches.
  • Only a few trusted Ricemill engineers have clearance to remotely manage the servers – and access is only possible with a personal SSH key pair.

Credit Card Safety

  • We never store credit card information on our own systems.
  • Your credit card information is always transmitted securely and directly between you and our PCI-compliant payment acquirers.

  Service Provider             Purpose
  Stripe (PCI-DSS compliant)   Processing Ricemill’s monthly subscription payment.

Software Security

Ricemill is built upon Amazon Web Services, leveraging the elastic scalability and economic benefits of cloud computing. We make use of a number of Amazon products:

  • Amazon Elastic Compute Cloud (EC2) – We use the EC2 platform to host our web servers on powerful virtual machines.
  • Relational Database Service (RDS) – We use Amazon’s managed MySQL database product. This allows us to benefit from Amazon’s backup mechanisms and high availability.

Secure by design

Ricemill is designed in a way that prevents the introduction of the most common security vulnerabilities:

  • SQL injection – Ricemill relies on software frameworks (CodeIgniter & Laravel) that abstract query building and prevent SQL injection by default. Developers do not normally craft SQL queries manually; queries are generated by the ORM, and parameters are always properly escaped.
  • XSS attacks are prevented by the use of a high-level templating system that automatically escapes injected data.
  • Cross-site request forgery (CSRF) prevention – Ricemill is developed on top of software frameworks (CodeIgniter & Laravel). We use the CSRF protection features offered by both frameworks.
  • Malicious File Execution – Ricemill does not expose functions to perform remote file inclusion.
  • Ricemill runs on HTTPS by default.
  • Password salting and hashing.
  • Automated testing.
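As an added illustration (not Ricemill's code), the following Laravel snippet shows the framework defaults the list above relies on, with the raw-SQL and raw-output escape hatches that would bypass them; the `users` table, its columns and the `/login` route are assumptions.

```php
<?php
// Added example, not Ricemill's code. Assumes a Laravel application with a
// `users` table (columns `email`, `password`) and a POST /login route.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// Registration: Hash::make() produces a salted bcrypt hash; the salt and
// cost live inside the hash string, and the plaintext is never stored.
function storePassword(string $email, string $plaintext): void
{
    DB::table('users')->insert([
        'email'    => $email,
        'password' => Hash::make($plaintext),
    ]);
}

// Login. Laravel's VerifyCsrfToken middleware (web group) has already
// rejected any POST that lacks the token a Blade form emits via @csrf.
Route::post('/login', function (Request $request) {
    $email = $request->input('email');

    // Escape hatch that bypasses the framework default: interpolating the
    // submitted value into raw SQL lets a quote in the value change the
    // statement. Never do this:
    //   DB::select("SELECT * FROM users WHERE email = '$email'");
    //   DB::table('users')->whereRaw("email = '$email'")->first();

    // Framework default: the query builder sends $email as a bound
    // parameter, so the database never parses it as SQL. If raw SQL is
    // unavoidable, keep the binding: ->whereRaw('email = ?', [$email]).
    $user = DB::table('users')->where('email', $email)->first();

    // Hash::check() re-hashes the submitted password with the stored salt
    // and compares the result; an unknown e-mail returns the same error
    // message, so the response does not reveal which accounts exist.
    if ($user === null || !Hash::check($request->input('password'), $user->password)) {
        return back()->withErrors(['email' => 'Invalid credentials.']);
    }

    $request->session()->regenerate();   // new session id after login
    return redirect('/dashboard');
});

// In Blade views, {{ $value }} HTML-escapes output (the XSS default above);
// {!! $value !!} emits raw HTML and is the escape hatch to review in code review.
```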

Reporting Security Vulnerabilities

If you need to report a security vulnerability, please email security@ricemill.co or send us a live chat message. These reports are treated with high priority: the problem is immediately assessed and solved by the Ricemill security team, in collaboration with the reporter, and then disclosed responsibly to Ricemill customers and users.

© 2024 Ricemill Group Pty Ltd All Rights Reserved