Mav Security Overview

Last updated: Apr 7, 2020

Security is a top priority at Black Ops and we understand how important your data is to you and those who depend on you. Black Ops has been entrusted with a significant variety and amount of sensitive application and user data. We do not take our responsibility lightly; we work diligently to continuously improve security processes and controls.

Coordinated Disclosure

Any security concerns or vulnerabilities discovered in one of Black Ops's products or hosted services can be responsibly disclosed by emailing [email protected].

While we greatly appreciate community reports regarding security issues, at this time Black Ops does not provide compensation for vulnerability reports.

Data protection and privacy

Data Location

Our servers are located in Amazon AWS's Virginia (US) datacenter. All data is written to multiple disks instantly, backed up daily, and stored in multiple availability zones. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.

Encryption at rest and in transit

Over public networks we send data using strong encryption. We use SSL certificates issued by Cloudflare. You can check our currently supported ciphers here.

Encryption-at-rest of our database is acheived using AWS’s transparent disk encryption, which uses industry standard AES-256 encryption to secure all volume (disk) data. All keys are fully managed by AWS. Backups are stored on Amazon S3 and encryption is performed via server-side encryption.

Files uploaded to Mav, such as sales scripts, are stored in private S3 buckets that require a one-time use, time-limited tokens for access.

Physical security

Our application and data servers are located in AWS's Virginia datacenter. More information about their controls, including physical security, can be found here.

Access control and organizational security

Personnel

All our employees and contractors (workers) sign confidentiality agreements before gaining access to our code and data. Background checks aren’t performed on our workers. Everybody at Black Ops is trained and made aware of security concerns and best practices for their systems. Remote access to production systems is limited to workers who need access for their day to day work. We log all access to all accounts by IP address.

Employee and contractor computers (including desktop computers) are required to have and maintain full hard drive encryption. Additionally, laptop computers are required to use a VPN service when using the device outside of their home.

Payment security

All payments are handled by Stripe. Your payment information is sent directly to Stripe and never stored on our servers. In fact, all payment requests bypass our servers completely ensuring sensitive payment information also does not appear in our logs.

For more information about Stripe's security controls, you can visit their security page.