All user data collected from any application built by Grand Street is stored in our Core Services Database.
This database server hosts two database services that we use -- Redis and MongoDB. All non persistent user data
is stored with Redis and all persistent data is stored with MongoDB. The database server itself is a Digital Ocean
droplet; you can read about Digital Ocean's security practices here.
The database server defaults to blocking all connections on any port, except from authorized IP addresses. IP address authorization is granted, by admin only, on an as-needed basis.
Both database services further require username/password authentication and any service built by Grand Street with database access will only have access to data pertaining to that service.
Grand Street will NEVER distribute client-side programs(exes, etc) that contact our databse directly -- all database connections are made from our web servers.
Access to the databse server is granted to employees on an as-needed basis and is SSH only. SSH access to any of our servers requires the use of SSH keys.