Security

TINT takes security seriously. We follow widely-accepted industry standards and have worked with several Fortune 500 clients to provide assurances of secure practices.

Safe Storage

TINT uses a modern cryptographic hashing algorithm (PBKDF2-SHA256) in combination with password-specific salts and a secret pepper to make stored passwords virtually impossible to recover in the case of a data breach. Users must authenticate over secure TLS connections, both while TINTs are being displayed and while they are being configured or edited. Accounts are locked out after 10 unsuccessful attempts.
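The storage scheme described above, as an added Python example that is not TINT's own code. The way the pepper is mixed in (HMAC-SHA256 keyed with the pepper, applied before PBKDF2), the iteration count, the salt length and the `CredentialStore` class are assumptions, since this page does not specify them.

```python
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 10   # lockout threshold stated on this page
ITERATIONS = 600_000       # assumption: the page gives no iteration count
SALT_BYTES = 16            # assumption: the page gives no salt length


def derive_hash(password: str, salt: bytes, pepper: bytes, iterations: int) -> bytes:
    # Assumption: the pepper keys an HMAC-SHA256 over the password, so the
    # stored salt and hash alone are not enough to test password guesses.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)


class CredentialStore:
    """In-memory stand-in for a user table (hypothetical, for illustration)."""

    def __init__(self, pepper: bytes, iterations: int = ITERATIONS):
        self.pepper = pepper        # held outside the database in a real deployment
        self.iterations = iterations
        self.users = {}             # username -> {"salt", "hash", "failed"}

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(SALT_BYTES)   # fresh random salt per password
        digest = derive_hash(password, salt, self.pepper, self.iterations)
        self.users[username] = {"salt": salt, "hash": digest, "failed": 0}

    def is_locked(self, username: str) -> bool:
        rec = self.users.get(username)
        return rec is not None and rec["failed"] >= MAX_FAILED_ATTEMPTS

    def verify(self, username: str, password: str) -> bool:
        rec = self.users.get(username)
        if rec is None or self.is_locked(username):
            return False            # unknown or locked: reject even a correct password
        candidate = derive_hash(password, rec["salt"], self.pepper, self.iterations)
        if hmac.compare_digest(candidate, rec["hash"]):   # constant-time comparison
            rec["failed"] = 0
            return True
        rec["failed"] += 1
        return False
```
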

We use secure TLS connections for TINTs both while they are being displayed and while they are being configured or edited.

The social network OAuth tokens are always requested with minimum privilege, usually read-only. In particular, Facebook, Twitter, and Instagram tokens are all limited to read-only access of public feed information.

Trusted Infrastructure

TINT is a cloud service based on the latest technology and we are hosted on Amazon AWS, which has world-class, highly secure data centers. By outsourcing infrastructure such as routers, physical servers, load balancers and DNS servers we can focus on making our application and servers secure. AWS maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

We regularly and automatically scan our infrastructure, networks, and applications for vulnerabilities using multiple scanning techniques. Infrastructure scanners employ an up-to-date database of CVEs and other security advisories and check our infrastructure for vulnerable or unpatched hardware and software, and application scanners check for web vulnerabilities such as XSS and SQL injection.

Organizational Security

TINT employs industry best practices for organizational security. We have built our security team around decades of experience in the IT security industry and have worked with several Fortune 500 clients to provide assurances of secure practices.

All employees have full-disk-encrypted laptops, and use two-factor authentication for email and other online accounts wherever possible. The TINT engineering team also undergoes secure development training and regularly reviews code for application security issues.

Other Notes

Contact and Disclosure

TINT welcomes and encourages the responsible disclosure of security concerns and vulnerabilities from security researchers and other third parties. Any and all security disclosures and concerns can be sent directly to security@tintup.com.

Acknowledgements

TINT recognizes the effort and skill that goes into finding and disclosing security flaws. We would like to thank the following individuals for their responsible disclosures:

Public Data

The vast majority of data displayed on TINTs is published on social networks and is not considered to be private information. Please contact TINT security with the specific TINTs if you would like information on the data classifications of specific feeds.

Payment Processing

TINT does not store payment information. Payments are securely transmitted to, and processed by, a third-party payment provider (Stripe).

Policies

For more information on our commitment to providing secure services, please see our Privacy Policy and Terms of Service.