Skip to main content

Security Policy

Virtual Security

We have three teams who actively monitor our servers and maintain the security of our systems. Security tests are also performed regularly by our QA and admin teams, and we monitor our servers and our networks 24 hours a day, 7 days a week, 365 days a year. We monitor them to maintain them online and healthy; we watch out for server abuse, for security breaches and we even catch when spammers try to use your site as a spam relay. Monitoring systems include automated ones (Linux daemons) and human ones. We have maintained 99.9% server uptime since 2007.

Our virtual security includes:

  • 24/7 server monitoring team
  • No SSH access by default
  • No remote access to MySQL (by default)

Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers’ behalf.

Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.

Our general IT security is world-class and we are not aware of one case of a data security breach.

Physical Security

CiviHosting’s data centers are protected by some of the most powerful physical security systems available, including:

  • Advanced smoke detection and fire suppression systems
  • 24/7 secured access with motion sensors, video surveillance and security breach alarms

Spare Servers

We keep a spare/standby server in each server rack. If a production server fails, it will be immediately replaced by a spare server, and the latest backup will be restored.

Refusal of service

CiviHosting reserves the right to refuse hosting for insecure applications that could be, for instance, utilized by an attacker to gain unauthorized access to the server and/or execute applications with the privileges of the customer that has uploaded the insecure application in question. Customers are responsible for keeping their applications up-to-date, checking for security issues with the application vendor, and updating to the latest secure version that is available. In the event that an insecure application is installed on the hosting account of the customer, CiviHosting reserves the right to disable access to it, or, if deemed necessary, to the hosting account in its entirety. This will be with the exclusive purpose of preventing damage to the customer and to the other customers hosted on the same server, and may be done with or (in case of emergency) without prior notice.

CiviHosting reserves the right to impose restrictions or fully suspend any of the services provided to customers, in case the operation of these services threatens the overall security and stability of the hosting system, and/or the proper operation of other customers’ accounts/services.

CiviHosting reserves the right at its sole discretion to refuse or cancel service. Violation of any of CiviHosting’s Terms could result in a warning, suspension, or account termination. Submitting fake personal information can also be grounds for suspension or termination.