Data Security

Last updated: June 23, 2023

Organizational Security

All employees are required to agree and adhere to an industry-standard confidentiality agreement prior to their first day of work.

Cloud Security

Cloud Infrastructure Security

We use Heroku, which runs on Amazon Web Services, to host all back-end servers and databases. For more information on Heroku’s security processes, please visit Heroku Security. For more information on AWS’s security processes, please visit AWS Security.

Encryption at Rest & in Transit

Tether keeps your data encrypted and secure. All databases are encrypted at rest, and Tether applications encrypt in transit with TLS/SSL only for all connections.

Business Continuity and Disaster Recovery

We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.

Incident Response

We have processes in place for handling information security events, including escalation procedures, rapid mitigation, and communication.

Access & Management Security

Permissions & Authentication

Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role. Where available, we implement 2-factor authentication (2FA), and strong password policies to ensure that access to cloud services is protected.

Least Privilege Access Control

We follow the principle of least privilege with respect to identity and access management.

Quarterly Access Reviews

Quarterly access reviews are performed on all employees with access to sensitive systems.

Password Requirements

Our entire team is required to adhere to a minimum set of password requirements and complexity for access.

Local Equipment Security

All company-issued laptops are encrypted and utilize a password manager for team members to manage passwords and maintain password complexity.

What Data is Collected and Stored?

Tether collects the minimum amount of information necessary to provide a streamlined and personalized experience. Additionally Users can request information deletion at any time in compliance with CCPA and GDPR regulations.

Within the Tether database, the following data is collected for Users:

  • First Name
  • Last Name
  • Email Address (for login and notifications)
  • Phone Number (for login and notifications)
  • Birth Year (for compliance with COPPA)
  • Gender (for personalization - an “Undisclosed” option is offered)
  • Time Zone (for localization)
  • Last Active Timestamp (for personalization)
  • Any content uploaded by that User (images, posts, comments, and other text content)

Within the Tether database, the following data is collected for Organizations:

  • Name
  • Description
  • Street Address
  • City
  • State
  • Postal Code
  • Country
  • Time Zone (for localization)
  • Website Address
  • Any content uploaded by that Organization (images, audio files, videos, and text content)

System logs may retain traces of User and Organization activity for up to thirty days in order to support security and maintenance efforts, after which point they are deleted.