Security

Amazon Web Services (AWS)

We leverage the robust infrastructure of Amazon's cloud services to provide exceptional availability and security.

• AWS offers a wide range of options to enhance security, including security groups, encrypted data storage, and secure access.
• By utilizing AWS, we eliminate the concerns associated with data theft often faced by local data centers, as AWS provides the necessary infrastructure to support stringent security protocols.

Amazon Virtual Private Cloud (VPC)

We have designed a well-structured architecture within the VPC framework, where access from the outside world (internet) is restricted.

• All data is stored on servers located within the VPC. This setup significantly reduces the risk of unauthorized access to stored data.
• Even in the unlikely event that someone manages to gain access, the encrypted data remains virtually impossible to decrypt.

SSL Certificates

SSL certificates play a crucial role in establishing secure communication between clients (web browsers) and servers.

• They ensure that all data transmitted from the server to your web browser or mobile app is encrypted using 128-bit encryption.
• This level of encryption prevents compromise by man-in-the-middle attacks, offering robust protection for your data. Soon, you will be able to access all MyOperator App pages via the secure HTTPS protocol.

SiteLock Malware Scanner

To ensure a safe browsing experience for our visitors, we employ the SiteLock malware scanner.

• This powerful tool continuously scans our website for malicious scripts, effectively safeguarding visitors from viruses and malware.
• By proactively preventing session hijacking and cookie stealing attacks, we maintain a secure environment for users.

Other Tools and Techniques

Data security is our utmost priority during the development of our product.

• Every module and functionality undergoes thorough checks and rigorous testing to identify and address any security flaws, information leakage, or unauthorized access control.

At the architectural level, we have implemented a range of tools for intrusion detection and prevention.

• These tools automatically generate alerts or block malicious activities, thereby mitigating the risks posed by hackers. Additionally, we employ IP whitelisting through firewalls to restrict unauthorized or suspicious access to our servers.

As a SaaS service provider, we understand the criticality of maintaining the security of every piece of information that enters our system.With over 10,000 customer accounts and growing, we assure each and every one of our customers that their data is safe and protected.

Responsible Disclosure Policy

MyOperator is deeply committed to ensuring the security of information stored, processed, or transmitted as part of our products and services used by our customers. In line with this commitment, we have established a security research policy that provides clear guidelines for conducting vulnerability discovery activities and outlines our preferred method for submitting discovered vulnerabilities.

This policy covers the systems and types of research that fall under its scope, outlines the process for reporting vulnerabilities, and explains our approach and timelines for addressing them. We strongly encourage security researchers to contact us to report any potential vulnerabilities they may uncover within our systems.

Authorization

If you make a genuine effort to adhere to this policy while conducting security research, we will consider your activities authorized. We will collaborate with you to understand and promptly resolve any identified issues. MyOperator acknowledges and recognizes the value of your research and will not pursue or recommend legal action against you for activities conducted in accordance with this policy. In the event that a third party initiates legal action against you for actions performed within the scope of this policy, we will make it known that your activities were authorized.

Policy Guidelines

Under this policy, "research" refers to activities in which you

• Notify us promptly after discovering a real or potential security issue.
• Make every effort to avoid privacy violations, user experience degradation, disruption to production systems, and data manipulation or destruction.
• Utilize exploits only to the extent necessary to confirm the existence of a vulnerability.
• Do not exploit vulnerabilities to compromise or exfiltrate data, establish persistent command line access, or pivot to other systems.
• Allow us a reasonable amount of time to address and resolve the identified issue.
• Refrain from submitting a large volume of low-quality reports.
• Cease testing and immediately notify us if you encounter sensitive data, such as personally identifiable information, financial information, or proprietary/trade secret information. Do not disclose this data to anyone else.
• Use the designated communication channel to report vulnerability information to us.
• Refrain from documenting or publicly publishing the details of the vulnerability, as it goes against our responsible disclosure policy.
• Maintain confidentiality regarding any identified vulnerabilities until the issue has been resolved.