Security of the service

Due to the nature of the service, the security of the service has been taken care with an extra thoroughness.

Connections

All connections and communications between users and the service are secured with an industry standard TLS-protocol using a trusted certificate provider. Secure transfer protocol ensures that any information sent between the user and the service cannot be read by third parties. This secures the visit of a unique user and especially administrative actions (e.g. handling the results) done by the site administrators. For the end users the SSL-protection shows usually as a small lock icon on the browser, a well known marker for a secure site.

The service

The service is built with WordPress, a market leading content management system with help of few well known extensions. For this service the content management system is hardened with industry best practices. Together with the secure nature of the hosting environment known ways of attacking are eliminated or made inefficient.

Hosting environment

The service is hosted on Google Cloud, a well known and trusted service provider. The hosting environment (Google App Engine) has received multiple security certifications, most notably the PCI (Payment Card Industry) compliance validation, which means the platform is qualified by the payment card providers to handle e.g. credit card information with the required level of safety. The infrastructure of the platform is designed to be scalable and top grade secure, many of Googles own services run on the same platform.

The service runs on a isolated environment with no other websites or services that could access or affect the service. The service has very limited permissions within the environment, e.g. all writing to filesystem has been disabled. Access to the server environment is strictly restricted and administrative access to most of the components is allowed only for certain IP addresses.