We take security seriously.
Your data is important to you. It’s important to us, too. We understand that you are putting your trust in us, and we want you to know that your information is safe.
Securing Your Data
Within our systems, all of your data is stored using 256-bit encryption with a uniquely derived key. We encrypt every single personally identifiable field in the database, including your name and email address. As with all systems such as ours, the security of your information also depends on you. Choose a strong password (we enforce that as best we can) and never share it with anyone.
Securing Your Data on the Move
All communications between you and Ruby are encrypted via SSL using 2048-bit certificates, and we require SSL on all communications. We support “perfect forward secrecy,” which means that even if someone eavesdrops on your communication and our key is compromised, they will still not be able to decrypt the data.
Operational Procedures to Keep the Site Secure
Ruby follows best practices to keep your data secure. We regularly audit our environments and code for security issues and apply patches expeditiously. We use commercial services that regularly check our site and retain our own security experts to probe and verify the security of our site.
Administrative Access to your Information
We have strict internal procedures preventing any Ruby employee or administrator from gaining access to your account. The only exceptions are access to the limited data necessary for us to grant you access to your account (i.e., triggering confirmation emails) and the ability to restrict access to your account in urgent circumstances. Ruby logs and regularly audits all accesses to your account.
Two Factor Authentication
Security is not just about protecting your data; it’s also about protecting access to your account. When you enable Two Factor Authentication, each time you sign in to Ruby from a new computer, device, or browser, we will send a unique code to your phone that you must include as part of your login. This extra layer of security makes sure that even if an attacker steals your password from you (or from a site that’s less secure than Ruby), they won’t be able to access your information.
We are always improving.
The Ruby team is focused on top-of-the-line security. We are implementing a Type II Service Organization Control 2 (SOC 2), which verifies that Ruby’s operations meet or exceed defined levels of processes and controls for the security of customer data. Our framework is built on the Center for Internet Security (CIS) Top 20 Critical Security Controls, a prioritized set of best practices created to stop threats.