Server and network security
We ensure the confidentiality and integrity of your data with industry best practices. All servers are built on top of Amazon Web Service with AWS Compliance, which is Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant.
OneSky employed a team of server specialist 24×7 to monitor security vulnerabilities and respond to service incidents. This team will also perform regular audit according to AWS best practice.
OneSky’s web application servers are physically and logically separated from servers that store customer data. Dedicated VPN services and firewall are used to block unauthorized system access. All operating systems are hardened to remove all unnecessary software.
Application security
OneSky is built according to secure development best practices with security reviews incorporated throughout the design, prototyping and deployment process. Logs are regularly analyzed to identify patterns of suspicious activity.
Communication security
SSL/TLS is used to exchange private data between OneSky and web clients.
Data security
We classify and treat all data as confidential, using inbound and outbound low-level logical firewalls to ensure that data cannot be leaked between OneSky networks. Any data sent from OneSky by emails will be delivered using encrypted transport via Sendgrid. OneSky is using PCI compliant payment partners and does not store your credit card credentials.
Employee Access
No OneSky operation personnel ever access private projects unless required to for support or project management purposes according to system role-based model. The role-based access is secured by unique login credentials. Access is given to our operation personnel upon hire and revoked upon termination.
The support staff may sign in to your account in order to solve and assist in resolving support inquiries. The support staff does not have direct access to customers data. Solving a support issue, our support team only has access to the files and settings needed.
Here is the list of data subprocessors
| Entity Name | Entity Location |
| Amazon Web Services, Inc. | USA |
| Logentries | USA |
| SendGrid, Inc. | USA |
| Zendesk | USA |
| Heap, Inc. | USA |
| Intercom, Inc. | USA |
| Firebase | USA |
| ObjectLabs Corporation | USA |
| ChartMogul Ltd | United Kingdom |
| Xero Limited. | New Zealand |
| HubSpot, Inc. | USA |
If you have any questions or reports about our security, please contact contact us.
