Given the sensitive nature to the way we conduct our business, Empire Flippers goes to great lengths to protect customer data. Below are a few steps we have taken:
- We have an internal security policy that all staff are introduced to when they join the company. In this policy, we outline a few key points:
- All employees are to use two-factor authentication when supported.
- All employees should use strong passwords and store them in encrypted format using a password manager.
- All new employees go through a background check by a 3rd party.
- Our database uses encryption at rest and in transit, and is continually updated to the latest version.
- All files uploaded to our platform, e.g. ID & bank statements are stored in encrypted format.
- We limit the number of software engineers who have the ability to access customer data.
- We have a bug bounty policy which encourages independent security researchers to inform us of any vulnerabilities before being published on the wider internet.
- It is our process to keep our systems up to date with the latest security updates.
- Our internal permissions are granted on an as needed basis, staff have the minimum required permissions to do their job, and if unused are automatically revoked.
A few steps we recommend our customers to take if they are concerned about the security of their data while using our service:
- Customers can enable two factor authentication in their account.
- Customers should leave the “Skip New Device Authentication” disabled – this will ask you to authorize logins by clicking a link in your email each time you login using a different device.