Overview

Security is of very high priority here at Hallow. In general we follow accepted standards and best practices to protect the personal data submitted to us. On this page we have provided information about the security of your data, our general security practices and how you can reach a member of our team if you have questions that haven’t been answered below.

Hallow safeguards customer data using a variety of controls:

• Hallow application data is secured in transit using TLS and encrypted at rest in our database. We use enterprise-grade 256-bit AES encryption to safeguard data at all times.
• Sensitive data is given additional precautions to ensure safety. Passwords are hashed using cryptographically secure methods and other sensitive data such as journals is encrypted prior to being stored in our database. 
• All Hallow traffic is parsed through a web application firewall which filters, monitors and blocks any malicious HTTP/S traffic.
• We monitor our application servers, infrastructure and our network environment to detect potential problems as they arrive.
• The app, our data and yours—is securely hosted on Amazon Web Services (AWS) servers in North America. We chose AWS for its extensive list of compliance and regulatory assurances such as ISO 27001, GDPR and SOC 1/2/3 and many more. Additional details are available here.

Vulnerability Disclosure Program

We appreciate any and all feedback from the security community and strive to quickly address security issues involving our app and services. If you have found a vulnerability or issue with our product, please email us at security@hallow.app.

General Security Questions

If you have general security questions or concerns, please email us at security@hallow.app.