Security Policy
Last modified: January 7, 2021
Security is primary
Get Lyfe uses a variety of methods to secure our network, software, and applications. Our employees maintain organizational security measures designed to keep your data safe, and our data retention and business continuity plans are comprehensive.
Network and server security
Network infrastructure is segregated into levels of information classification with strict routing, firewalling, and access control links that separate each privilege level.
Network infrastructure undergoes regular penetration third-party vulnerability audits.
Our information security team members perform regular software updates throughout the Get Lyfe infrastructure to remain up-to-date on software security patches.
Our information security
Web APIs and web pages are secured with High Assurance SSL certificates that support encryption algorithms with key lengths up to 256 bits and prohibit any key lengths shorter than 128 bits.
Get Lyfe’s cloud infrastructure employs Multi-Factor Authentication for management operations.
Industry-standard (symmetric and asymmetric) encryption algorithms with appropriately sized keys are used to protect sensitive customer information.
Get Lyfe applications undergo regular internal source code audits. Internal audits are augmented by regular third-party audits.
Standards and leading practices identified by independent security organizations (e.g., OWASP) are integrated in to all Get Lyfe code creation processes.
Data retention & Disaster recovery
Data is aggressively archived and Get Lyfe performs regular offsite backups to ensure redundancy.
Get Lyfe services are designed to tolerate failures in supporting infrastructure while maintaining continuity of operations; we place a high priority on redundancy and ensuring maximum availability of our services.
Get Lyfe follows industry standard incident response procedures with a dedicated incident response team.
Organizational security
Prospective employees undergo security screenings during the hiring process.
Get Lyfe employees undergo security operations training.
Get Lyfe employees use encrypted storage, encrypted chat (and voice), and encrypted tunnels (SSH) for sensitive internal communications and operations.
Get Lyfe maintains detailed application-level and system-level logs.
Security research and disclosure process
Get Lyfe understands the devotion and effort that security work requires. As such, we encourage the responsible disclosure of any vulnerabilities to us. Responsible disclosure means:
Openly share the full details of any vulnerabilities with us.
Do not announce or share the details of any vulnerabilities in any way with the public or other parties.
Do not exploit the vulnerability except for purposes of demonstrating it to Get Lyfe personnel. Please contact security@meetGet Lyfe.com if you are unsure of exploitability and we will work with you to verify it safely.
Do not use the vulnerability to access, modify, harm, or otherwise alter any Get Lyfe (or its customers’) data.
Vulnerabilities that are “responsibly disclosed” according to the above process are welcomed. Get Lyfe will not seek to bring legal action against any person who adheres to this process of responsible disclosure.
Target Domains
getlyfe.com
www.getlyfe.com
getlyfe.com
www.getlyfe.com
Contact
Notwithstanding Get Lyfe’s security precautions, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we are unable to guarantee the absolute security of our site and your use of the Service.
You may contact us with any security questions, concerns, or suggestions at compliance@getlyfe.com
