Safety and privacy is our two main focuses, one should never say that something is perfectly secure, but we do work constantly on improving our platform with security and privacy in mind.
Server instances
With minimal variation between generations most server software are very close to their original source, basic features such as an SSH daemon, cloud-init and scripts used to control start, stop and reboot actions are carefully included. We do encourage you to do your own research and build additional layers of security for critical applications running on your server instances.
API
Protected by TLS, using modern encryption first hand, like all our web resources. Rate limits applies within the web server software and CDN services are not used with the API at all to protect your privacy. We can do better on the security around API keys and are currently working on that. However, so far we've made sure to reduce any potential data leaks from harvesting.
Dashboard
Relies on TLS and the web server security, this part has unfortunately fallen behind which might become obvious considering it lacks some of the most recent features added to the API. So in short, for more features and better security and privacy, consider using the API instead of the control panel. Also, assets such as images, scripts and style sheets are loaded from our CDN which uses Cloudflare.
Privacy
Nobody has direct access to your personal information, all administrative work is done through the API which communicates to our back end database servers. We don't rely on secrets such as keeping our database servers hidden from the public, which is why they are also protected through additional layers to avoid potential issues when someone finds them.
As a last point, we don't collect more information than what's needed so even if the information do get leaked, it won't hurt as much as it would on sites that requires more sensitive information to work. Of course there's always things we can improve in this area as well.
Decentralization
This might sound like the opposite of he cloud, but with 50+ locations powered by different providers and reasonable priced low end servers, we've chosen to build our network to span over the globe using multiple individual nodes completely independent of each other, instead of having one large server.
It might sound more complex, but why making things complicated at all? we've built the network with simplicity in mind, each node is responsible for their own task and if one or more nodes fails, others are ready to take over quickly. Information sent between nodes are of course encrypted too, just in case.
Transparency
Openness and transparency are two factors commonly forgotten in terms of security. We're always open for suggestions and new ideas on how we can improve in this area. It's even possible to discuss here in the forum using any of the following relevant sections:
In the end, most of the work that needs to be done in order to stay safe, relies on yourself. We provide the fundamental tools needed to get started. But it's also your own responsibility to follow the best security practices, such as picking a long password/passphrase, renew your API keys and make sure they won't get leaked, and most important, configure your server instances properly to avoid unauthorized access.
Conclusion
It wouldn't be very wise to brag about being the best in terms of security and privacy, in fact we're not. There are some other choices which are better in terms of security and privacy. We do however work on improvements to become better and are always open for new ideas and suggestions.