Skylight Security & Safety Guide
Skylight maintains a comprehensive privacy program. To us, this means that although we are required by law or regulation to do certain things, we are continually evaluating whether we can and should do more.
- We do not sell the personal information of our customers to third parties.
- We have a bounty-based vulnerability program supported by professionals.
- We are members of the ICO (Information Commissioner’s Office) and abide by EU/UK data protection laws. Read more details here:
We use Amazon Web Services and EC2 to host Skylight’s production systems. Here are some facts on AWS EC2 servers.
- PCI-DSS Level 1 Service Provider
- ISO 27001 certified
- AWS is a Federal Risk and Authorization Management Program (FedRAMP) Compliant Cloud Service Provider
- SAS-70 Type II and SSAE16
- Read Amazon Web Services’ Risk & Compliance for more information.
Skylightit.com uses strong SSL/TLS encryption methods and key management procedures to ensure your sensitive information is protected.
- All credit card information is encrypted with strong industry-standard cryptographic protocols such as TLS and SSL while in transit between our customers and payment gateways.
- Credit card information is never stored.
- Access to encryption keys is limited to the smallest possible number of Skylight team members.
As per our PCI compliance, Skylight does not store any customer credit card data. The transfer between your computer and our payment gateway is encrypted by SSL/TLS.
Research and Disclosure
If you discover a vulnerability with Skylight information systems, report it to us first.
- Do not attempt to harm Skylightit.com or secure.skylightit.com, their users, or customers’ data.
- Allow reasonable time for the Skylight team to resolve the issue before publishing findings publicly.
- Report details to firstname.lastname@example.org or join us at https://hackerone.com/skylight
- Include full details and steps to reproduce.
- Recognition by listing on the Security Wall of Fame