Information Security.

We serve our website exclusively via HTTPS, and serve all our APIs over HTTPS by default.

EarthX is a trusted repository of data. We go to great lengths to protect the security of your account, your data, and our users.

 

SECURITY OF INFORMATION

Infrastructure: Our platform technology is built using the latest advancements in architecture and storage. We believe that security of information is paramount. We conduct regular security audits both internally and with 3rd parties s to review our hardware, software, and physical security configurations. Our offices are also equipped with access control and 24 hr surveillance.

Applications: 

EarthX will be available as a desktop browser application to view on personal computers running Windows edge browser, Mac OS X 10.3.9 and above, Android 5.0 and above, and FreeBSD. Application security reflects agreements and meeting the necessary requirements set forth in the application submission, review, and deployment terms and conditions of relevant applications with Apple, Google, and Microsoft.

Personal Information and Accounts: Account management is done through Amazon Web Services (AWS) Cognito with a two-factor authentication for logins to help protect your account information. Integration with other services such as MapBox also utilize a two-factor authentication process with a unique token containing granular control over access to your account resources.

Software security: We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog), and we run automated vulnerability scanners, including retire.js and nsp, at regular intervals and before each deploy. Our developers receive training for secure software development, including Open Web Application Security Project guidelines. All major code changes are subject to a multi-point code review with specific attention paid to security.

DDoS mitigation: Maps and location can be emotionally and politically charged subjects. We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.

Data security: EarthX uses telemetry through SDKs to collect anonymous data about how users interact with the map to help developers build better location based applications. This information helps us understand aggregated stats about map usage and how people interact with map Layers and GeoStories which enable EarthX to make improvements to the overall application experience. Mobile telemetry data is stored in a dedicated pipeline through secure AWS protocols. All customer data is stored with at least dual redundancy and we've designed our storage solution for 99.9999% uptime. EarthX accounts come with built-in AES256 encryption-at-rest. 


Logging: We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.