Platform Security

The Tiny Opera House application (“TOH”) is hosted on state-of-the-art security infrastructure. Older versions are stored on Amazon AWS, which maintains strict physical controls at several layers (https://aws.amazon.com/compliance/data-center/data-centers/) and participates in a number of compliance programs (https://aws.amazon.com/compliance/programs/). A comprehensive guide to Amazon security can be found at https://aws.amazon.com/security

Newer versions of our platform are stored on the Google Cloud Platform, which also maintains strict physical controls and has a trusted software and hardware security stack.

Access Control

Access to TOH is allowed only over a secured connection (SSH, SSL). All access points enforce a password policy requiring complexity, and passwords are stored salted and encrypted in an Amazon RDS database. Other user data is encrypted at rest. The TOH application is configured with data-level privacy controls to restrict access.

Personnel

Access to application development and user data is granted on a need-to-know basis and at the minimum level necessary for the individual to complete their business task.

Encryption

All traffic to and from the TOH application and underlying infrastructure is encrypted at all times.  All user data is encrypted at rest.

Notification

Should there ever be a lack of confidence in our infrastructure, or reason to believe a breach has taken place, all TOH users will be notified using the primary email address established on the account.

Logging

All actions touching application data are logged, making detailed audits possible for the prior fourteen days.

Application Integrations

TOH allows users to connect to various external accounts, using either username/password credentials or the OAuth protocol. When requesting permissions, TOH selects the minimum scope needed to complete the task being requested by the user. This permission can be revoked by the user by visiting the external account vendor's website and following their procedure for disconnecting permissions. Username and password credentials are not stored within TOH; however, the tokens utilized for connection are stored within our core database and are subject to the controls outlined elsewhere in this document.

Financial Account Integration

As directed by the end user, TOH as a developer uses Plaid to establish a connection to your financial institution. Information about Plaid's security and terms can be found at https://plaid.com/legal. This connection does not allow TOH to create, modify or delete any financial transactions, but does grant us permission to store this data for your use within TOH. The TOH platform provides mechanisms for users to pay for the TOH platform and services using an ACH transaction to a connected account, if expressly granted by the user.

Account Deletion

TOH will be happy to delete any information from our platform, either in part or in whole, should you request it.