Our Security Story

Rejoiner is committed to providing a transparent security policy.

This policy is designed to cover the most frequently asked security questions in a concise format. It can also help you determine whether Rejoiner meets your organization's security requirements. The goal of our policy is to protect all individuals using our platform, including subscribers and end customers, from data theft and other security threats that may undermine their right to privacy.

Our Security Planning and Response Team

Since we are a small company, the responsibility for maintaining our security requirements is shared by all members of our team. Biannually, our team meets to perform a security risk assessment of our platform and determine areas where we need to proactively secure our application. Minutes of these meetings are accessible internally. If you have any concerns or information you would like to pass on to our security team, please use the contact form here.

Platform and Infrastructure Hosting

Our cart abandonment platform is hosted at a third-party cloud provider, Softlayer. Softlayer is responsible for all necessary infrastructure related to our private cloud, but is not responsible for our local private network or our system configuration. Physical access to Softlayer's data center is securely restricted, and the data center holds many third-party certifications, including PCI and ISO 27001 compliance. For more information about Softlayer and the security of their platform, please access their security page here.

Data Collection, Retention, and Usage

We collect and store data from two entities: subscribers, i.e. purchasers of Rejoiner, and end users, i.e. customers shopping on your website. Subscribers of the Rejoiner platform have access to our metrics and configuration dashboard. This dashboard stores the following data:

  • Email
  • Password (salted hash)
  • Email templates
  • Images and logos

Our API endpoint collects the following information from end users via browser-side JavaScript:

  • Transaction value total
  • Cart items
  • Calculated customer age
  • Email
  • First name
  • Plan name
  • Plan ID
  • Cart Value
  • Plan page URL
  • Customer conversion (true or false)

Data collected via our dashboard and API endpoint is stored in perpetuity on encrypted hard drives. This includes backups of our database. We retain data even when a subscriber cancels their account and unsubscribes from our service. All data, whether generated by the subscriber or the end user, is considered confidential, private, and proprietary. We do not share our data with third-party services or anyone outside of the Rejoiner team. Internally, we use data for analytics and for improving the quality of our platform.

Payment Processing

Rejoiner does not store any payment processing information. All payment processing is handled by a third-party entity, Stripe. Stripe supports all industry standards around payment processing, including PCI. For information about security standards at Stripe, please click here.

Server Administration

We are passionate about Debian, and our servers all run the latest version of Debian. Security updates are applied as soon as they are made available by the Debian security team. SSL vulnerabilities are patched immediately when announced via CVE. Various security channels are monitored for any vulnerability that may affect our users. Access to our servers is restricted by firewall and SSH certificates. Updates and system configuration are managed by Puppet, a very popular configuration management tool.

Access Control to Internal Systems

All engineers, administrators, and third-party contractors have unique credentials for accessing our systems. This includes login credentials to Rejoiner servers, network devices, third-party applications, and the platform itself. Upon leaving the company, these accounts are removed, blocking any further access to the above systems.

External and internal networking

All of our public-facing endpoints require customers to use SSL/TLS encryption. This includes access to our dashboard and API. Communication between servers and internal applications is channelled via private subnets, inaccessible to anyone except administrators. Third-party web services and APIs leveraged by the Rejoiner platform communicate over SSL/TLS channels. We do not use or support any plaintext HTTP web services under any circumstances. In addition, our external and internal networks are monitored by an IDS/IPS system, which logs and blocks suspicious network activity. We review these reports and logs to ensure that our network is not compromised.

Security alerts and notifications

In the event of a security breach where we believe your information may have been compromised, we will notify you personally via email with an explanation of the breach along with our strategy for mitigating the threat. All other security notifications, including important information about recent system updates, SSL vulnerability patching, or general security information, will be broadcast through our dashboard messaging system.