Legal Security First

How does Firecite protect your privacy and data security?

Firecite takes security very seriously and strives to maintain the highest security standards. To accomplish this, we make use of best-in-class security tools and practices.

Read on to learn a bit more about how much we care about your privacy and security.

Let’s talk about the encryption we use to keep your communications with the Firecite website locked down.

All browser connections to are secured and encrypted using something called Transport Layer Security (TLS). You may have heard of its predecessor, Secure Sockets Layer or SSL. TLS refers to the process of securely transmitting data between your browser and The term “SSL” continues to be used colloquially when referring to TLS and its function to protect transmitted data (most people still call this SSL).

TLS attempts to accomplish the following:

  • Encrypt and verify the integrity of communications between your browser and
  • Verify that you are communicating with

Firecite forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard. We use HSTS to ensure browsers interact with Firecite only over HTTPS. The point is that your connections are encrypted by default.

We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We regularly perform penetration testing, network & vulnerability scans and code reviews as well.

Okay, let’s talk about how your account information is secured!

The data that we collect from you is stored and backed up in destinations within the United States. All storage and hosting used by Firecite is Type 2 SOC 2, ISO 27001, and ISO 27018 compliant to ensure that your data is treated securely and in accordance with our privacy policy. All information you provide to us is stored on secure servers in a controlled environment with limited access.

Furthermore, anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Our payment processor has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry!

Credit card and banking information is secured to the extreme.

When you provide sensitive credit card information or billing information to Firecite, it is not stored in our databases. Instead, it is securely transmitted one time to our payment processor, where all card numbers are encrypted on disk with AES-256. The extra steps taken to secure payment information are extreme:

  • Decryption keys are stored on separate machines.
  • None of our processor’s internal servers and daemons are able to obtain plaintext card numbers.
  • The infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with primary services.

The only billing information Firecite retains is the last 2 digits of bank accounts and credit cards to help reference these items to our customers when needed. This information is also encrypted on disk with AES-256. We regularly audit the details of this implementation including the ciphers we support.

Project details, conversations, and all document uploads are super encrypted.

Sensitive project data is also encrypted on disk with AES-256. This includes active project conversations within the Firecite dashboard, and all uploads and work product uploaded via the Firecite dashboard.

Have questions?

We are always delighted to hear from our users and welcome any questions or comments.

