Published: April 1, 2022
We process millions of mems for thousands of users every month. Our top priority is keeping the data you share with us safe. Compliance with global privacy protocols is important to our company. As a result, Mem values data privacy and security very highly. We use the latest security technologies to protect your data, and we have a dedicated team of security experts who monitor our systems 24/7. We also require all our employees to undergo regular training on data security and privacy best practices.
To provide you with the best experience, we maintain a secure environment while also keeping our performance at the highest level. This includes ensuring that our servers are up and running smoothly, our software is up to date, and our security protocols are airtight. In short, we do everything we can to keep our platform secure and running smoothly.
We receive questions about Mem's security from time to time. Generally, we are not eager to disclose much about our security practices because it is only beneficial to the very people we are trying to protect against. We respect our customers' concerns about security, and we are serious about transparency. Here we share answers to the questions we think our customers might find most useful.
Data Center Security
Our App is hosted on Google Cloud. We chose Google Cloud because of their industry-leading security practices and their commitment to protecting their customers' data. For more information please visit https://cloud.google.com/security
All Mem employees are responsible for security and we ensure that only those employees who need access to your data in order to provide you with great support can access them.
- Ensuring the data security and operational factors of our business is the responsibility of our Site Reliability Engineering (SRE) team.
- Patches and updates are installed regularly on all the backend machines in our infrastructure. Installation of any software is strictly monitored. Only our SRE and the backend server team have access to these machines.
- We also make use of a serverless infrastructure for mission-critical portions of our systems. This provides an additional layer of security to Mem, as well as increasing our scalability and reducing our operational risk.
All employees must also meet strict requirements, including but not limited to:
- In order to protect the confidentiality of our information, all staff members are required to take reasonable measures to safeguard and prevent unauthorized access or disclosure of confidential information. This includes, but is not limited to, ensuring that all confidential information is kept in a secure location and that only authorized personnel have access to it.
- Our staff are mostly remote and they follow certain requirements, like encrypting storage media and using two-factor authentication (2FA). They also have to use strong passwords and follow specific recommendations, such as configuring their computers and phones to lock after a certain period. Lastly, all communication is done through securely encrypted channels that use modern, strong encryption.
- We have a thorough employee termination/access removal process that helps to ensure that all company property is returned and that access to company systems is properly removed.
We are committed to protecting your privacy and safeguarding your personal information. We have implemented a variety of security measures to protect your personal information from unauthorized access, use, or disclosure.
- All communication between users and the Mem application takes place over secure, encrypted channels with 128-bit TLS encryption. Any requests to retrieve or alter data must be authenticated. This ensures that only authorized users can access the data, and that all data is transmitted securely.
- Mem account credentials are completely managed by the Google Cloud Platform. Therefore we can't access or potentially leak your passwords. Mem monitors ongoing security, performance and availability 24/7. This means that you can rest assured that your account is safe and secure.
- Periodic audits are run by our manager to review compliance with security policies, and procedures. If violations are found, corrective actions are taken immediately. These corrective actions may include additional training for employees, updating policies and procedures.
- We also contract a third party for annual high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills. This helps us to identify any potential areas of weakness in our systems and allows us to take steps to mitigate them before they can be exploited.
- We offer and require that all team members enable 2FA for added protection on your account. Two-factor authentication adds an extra layer of security to your account by requiring you to enter a code from your mobile device in addition to your password when logging in. This prevents someone from accessing your account even if they know your password, as they would also need to have your mobile device in order to login.