All of Snapfix’s servers are hosted by Amazon Web Services (AWS) in the United States and Ireland. All components that process user data operate within Snapfix’s private network. Only a small number of Snapfix’s servers, protected behind load balancers and a firewall, are accessible from the Internet.
Connections between the client apps and the backend infrastructure are protected by up-to-date encryption protocols (including SSL/TLS 1.2) while maintaining compatibility with the cipher suites the client supports. All databases, data storage, and backups are encrypted at rest using AES-256.
Organisational and information security
Security for team administration
In addition to the security we’ve built at an infrastructure level, we also provide administration features to our paid Snapfix Business teams. These features allow administrators to manage their teams and include capabilities to create, transfer, or revoke access as needed.
Snapfix uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring.
Our security and platform team performs regular check-ins with every development team, and all code is thoroughly reviewed and checked through a version control system. We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.
To access any of Snapfix’s internal systems, employees must authenticate via a single-sign-on system with mandatory 2-factor authentication. We regularly review employees’ access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.
Customer data policy
Snapfix has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Snapfix systems. Where appropriate, Snapfix uses private keys and restricts network access to particular employees.
While Snapfix may track anonymized, aggregate statistics by website domain, Snapfix doesn’t collect browsing history from specific users while they browse the web.
Information such as web server access logs or IP addresses is collected only for a limited time and only to provide specific services to the user, such as fraud prevention.
Before using a third-party vendor, Snapfix carefully evaluates the vendor's security practices. Snapfix removes personal information from third-party systems if it is no longer needed or if a user requests account deletion.