Keeping our customers' data secure is the most important thing that My Dealer Jacket does. We go to considerable lengths to ensure that all data sent to My Dealer Jacket is handled securely - keeping My Dealer Jacket secure is fundamental to the nature of our business. We want to share some of the details of what we do to keep things secure, and some of the work that we're doing to continually improve the security of your data. This document is a living document, and we will add to it from time to time. You are probably also interested in checking out our Terms of Use and Privacy Policy too. If you have any questions, as ever please contact us at security@mydealerjacketcom.
โ
Our team has relevant experience
Our team includes people who've played lead roles in designing, building and operating highly secure Internet facing systems, such as payment processing platforms, cloud services and content distribution networks in companies such as Amazon and Facebook. We also have people who've successfully built a number of startups from scratch, and others who have worked in well established smaller Internet businesses.
We host in world class facilities
The vast majority of our services and data are hosted in Microsoft Azure facilities in the USA. Further details about the considerable measures Microsoft takes in securing their facilities and services can be found here: https://learn.microsoft.com/en-us/azure/compliance/.
We follow best practices
At My Dealer Jacket we follow a number of best practices that improve our security posture. Here are a few examples:
We have functioning, frequently used automation in place so that we can safely and reliably rollout changes to both our application and operating platform within minutes. We typically deploy dozens of times a day, so we have high confidence that we can get a security fix out quickly when required.
All data sent to My Dealer Jacket is encrypted in transit. Our application endpoints are TLS/SSL only - meaning that we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest.
We regularly engage with well-regarded third-party auditors to audit our code-base and infrastructure, and work with them to resolve potential issues.
We use two-factor authentication whenever possible. We ask vendors to enforce two factor authentication in all our accounts. We discourage use of shared accounts on any system - when we have no choice we use Bitwarden to securely share logins. We review which accounts can access our systems and the permissions they have regularly.
We don't trust our corporate network - it has no backdoors into our production systems.
We have a documented incident response plan and educate all staff on security procedures and policies.
External penetration testing twice a year performed by dedicated external security partners.
Any changes to the My Dealer Jacket code base have been peer reviewed and are automatically tested as part of our CI/CD process to identify any regression or security flaws using static analysis.
Our product has many security features for you
Security has a shared responsibility. You should enable the following product security features to enhance the security of your workspace:
Use two-factor authentication for your teammates to securely login to My Dealer Jacket
Set permissions and roles for your teammates in your workspace to limit access to data, features or destructive actions
We do not store payment details
My Dealer Jacket is not in the business of storing or processing payments. All payments made to My Dealer Jacket goes through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe's security page.