We take your security seriously
We host our services on multiple servers around the world to ensure minimal impact to our services in the unlikely event of downtime in any given data center.
- Wireguard - self-routing, mesh networking protocol and software implementation used for compressed and encrypted virtual private networks.
- IP-Filtering between all VMs,
- Log manager at the application layer.
- Standard anti-DDoS service for all Scaleway servers,
- Any services provided by Scaleway (e.g. anti-DDoS, Vuln. Scans, monitoring)
- External flows
  - (End-user to Front End) – All data in transit is protected with TLS 1.2 using the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite.
  - (SMTP to End-user) – All emails are protected with TLS 1.2 with 128-bit AES encryption.
- Internal flows (Front End <> DB <> Other components)
  - Flows are encrypted with the dedicated mesh networking VPN protocol Wireguard.
- All DBs are redundant and disks are LUKS-encrypted,
- Exported data (back-up) is encrypted (PGP OpenSSL with RSA key),
- Key Management
  - Keys storage & accessibility:
    - SSH keys (remote access) are stored on the Listen Leon local network, with access restricted to the CTO team.
    - Wireguard keys: each VM's unique private key is stored locally on the related server; the public key is shared with all other members of the mesh network. Additionally, IP filtering is applied to prevent unauthorized connections from non-declared VMs / servers.
  - Key access monitoring: No monitoring enabled at this stage,
  - Certificates storage: stored on the Listen Leon local network, with access restricted to the CTO. Also available on the certificates provider. On the server, the certificate is only accessible to the Traefik run user.
- Front end: https://*.listenleon.com
- Back end: https://*.listenleon.net
Backup and recovery plan
Types of information/data which are backed-up
We have two types of data that are backed up:
- All application sources => text
- MariaDB data => text
- MongoDB data => text
- Redis data => text
- Pictures user profile => image
Cycle for conducting the back-up
A back-up is made every hour. We keep 1 backup per day, for 3 months.
Methods used to conduct the back-up
Each server makes an export of its hosted data. We use a public RSA key to encrypt the exported data with PGP OpenSSL.
Next, rsync is used to send the latest backup to an external server hosted at our headquarters (Marseille / France), with SSH key authentication.
This server is responsible for archiving these back-ups by date.
Before sending any back-ups to our internal server, an MD5 hash is calculated to ensure that the transfer has not corrupted the file.
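
The hash-before-transfer and archive-by-date steps described above, sketched as an added example (this is not Listen Leon's own code). The `.md5` sidecar file, the file names, and the `inbox`/`archive` directory layout are assumptions made for the illustration, and the backup contents are constructed sample bytes.

```python
import hashlib
import shutil
import tempfile
from datetime import date
from pathlib import Path

def md5_of(path: Path) -> str:
    """Stream the file through MD5 so large exports never sit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def write_sidecar(backup: Path) -> None:
    """Sender: record the digest beside the file (md5sum line format)."""
    sidecar = backup.with_name(backup.name + ".md5")  # assumed naming scheme
    sidecar.write_text(f"{md5_of(backup)}  {backup.name}\n")

def verify_and_archive(backup: Path, archive_root: Path, day: date) -> Path:
    """Receiver: file the backup under its date only if the digest matches."""
    sidecar = backup.with_name(backup.name + ".md5")
    expected = sidecar.read_text().split()[0].lower()
    if md5_of(backup) != expected:
        # MD5 is used here as the page uses it: to catch transfer corruption.
        raise ValueError(f"{backup.name}: MD5 mismatch, not archived")
    dest_dir = archive_root / day.isoformat()
    dest_dir.mkdir(parents=True, exist_ok=True)
    return Path(shutil.move(str(backup), str(dest_dir / backup.name)))

def demo():
    """Constructed data: one intact transfer, one truncated in transit."""
    with tempfile.TemporaryDirectory() as tmp:
        inbox, archive = Path(tmp, "inbox"), Path(tmp, "archive")
        inbox.mkdir()
        good, bad = inbox / "mariadb.sql.enc", inbox / "mongodb.bson.enc"
        for f in (good, bad):
            f.write_bytes(b"constructed ciphertext " * 1000)
            write_sidecar(f)
        bad.write_bytes(bad.read_bytes()[:-7])  # simulate a cut-off transfer
        archived = verify_and_archive(good, archive, date(2024, 1, 15))
        try:
            verify_and_archive(bad, archive, date(2024, 1, 15))
        except ValueError:
            return archived.exists(), bad.exists()  # rejected, left in inbox
        return archived.exists(), False

if __name__ == "__main__":
    print(demo())
```

A file that fails the check stays in the inbox instead of being archived, so the next hourly run can resend it.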