HappySoup is committed to protecting the data entrusted to us. While we are a lean organization, security is integrated into every stage of our product development and operations.
Security Responsibility
The CTO is designated as the security lead and is responsible for ensuring that security best practices are applied across design, implementation, and operations.
Security Practices
All production systems require multi-factor authentication and are accessible only by the CTO.
Dependencies are kept up to date using automated tooling and regular patching.
Keys and secrets are rotated regularly (minimum every 3 months).
Logs are monitored through Papertrail, with no sensitive tokens or user data recorded.
Sessions and access tokens are encrypted and expire after 2 hours.
Infrastructure and Certifications
HappySoup does not currently maintain HIPAA, PCI DSS, SOC 2, or ISO27001 certifications. However, we rely on infrastructure providers that maintain strong certifications and compliance programs:
Heroku (Salesforce) – SOC 2, ISO27001, PCI DSS
MongoDB Atlas – SOC 2, ISO27001, GDPR
Papertrail (SolarWinds) – SOC 2
Redis (Heroku add-on) – TLS enforced, hosted via Heroku
Transparency and Documentation
To help customers evaluate our security posture, we provide detailed documentation covering:
Customers may also request data deletion in line with GDPR and our Privacy Policy.
Contact
Security-related questions or incident reports can be directed to [email protected]