Security at Fountain

Last Updated Date: May 01, 2018


At Fountain, we take security seriously. If you need to contact our security team, you can reach us at [email protected].

Data encryption

Fountain forces HTTPS for all services using TLS (SSL). We also utilize HSTS to ensure that browsers only connect via secure HTTPS connections. Fountain uses AES-256 for encrypting documents at rest.

Fountain also regularly uses third-party security vendors to perform audits of our platform to ensure that we are using the best practices to keep all data secure.

Fountain Responsible Disclosure Policy

Data security is a top priority for Fountain, and Fountain believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you've found a security vulnerability in Fountain’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure policy

  • Let us know as soon as possible when you’ve discovered a potential vulnerability by emailing us at [email protected] We vow to acknowledge your email within 24 hours. If you prefer to encrypt your communications, you can use our PGP key.
  • Provide us a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Fountain service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

  • Testing https://www.fountain.com, as this is just our marketing site
  • Denial of service
  • Spamming
  • Social engineering or phishing of Fountain employees or contractors
  • Any attacks against Fountain’s physical property or data centers

Thank you for helping to keep Fountain and our users safe!

Changes to these guidelines

We may revise these guidelines from time to time. The most current version of the guidelines will be available at https://www.fountain.com/security.

Contact

Fountain is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at [email protected].