Our Culture of Security
Security is the foundation for everything we do at Hummingbird. From hiring and company communication safeguards, to best-practice approaches to secure development and information-sharing, we’re building a culture of security that extends from the break room to the front office.
We cultivate a culture of security through ongoing education and appropriate personnel controls. Our security practices begin well before we consider making a candidate a job offer, and continue on past the point where we part ways with an employee. Every member of the Hummingbird team receives regular training, and access to sensitive systems is extended only to essential personnel.
- Background checks
- Carefully controlled permissions
- Strong password requirements
- Code of conduct
- Ongoing training & certifications
- Expert consultants & advisors
Our apps are developed securely using a combination of automated testing, mandatory peer reviews, and third-party testing. Our service is continuously monitored for vulnerabilities, and we maintain a bug bounty program. All code changes are carefully reviewed and tested before they can be merged and deployed to our staging and sandbox environments. After additional live testing, changes may then be merged to our production environment. If a change in direction is needed, we can roll changes back easily and quickly.
- Access management & reviews
- XSS, XSRF, and SQL injection protections
- Penetration testing
- Bug bounties
- Vulnerability scanning
Keeping data secure is a top priority throughout our company. Encryption, access controls, system architecture design, and a culture of security among personnel all play a part in our comprehensive approach to data security.
- Data encrypted in transit & at rest
- Data classification matrix
- TLS 1.2 for all transmissions
- Access restrictions
- Unique encryption key per customer
Programs & Certifications
Hummingbird employs third-party auditors, system testers, and hosts a bug bounty program to ensure that our service is secure.
SOC 2 Certification for Security, Availability, and Confidentiality
Bug Bounty Program