Privacy, Performance and Security

Privacy

The SwimTopia service is hosted at Heroku, one of the largest and most advanced cloud application platform providers which is in turn underpinned and complemented by Amazon Web Services, the world's largest cloud computing provider. SwimTopia is designed to take full advantage of the scaling capabilities of the Heroku platform. SwimTopia is served by multiple application servers at all times. Request rates, response times and server processing load averages are all continuously monitored and used to dynamically increase or decrease server capacity in real-time to adapt to bursts of high traffic and to ensure consistent levels of performance.

Security 

We take the security and privacy of the data we manage very seriously. We appreciate that we are being entrusted with private information including names, birth dates and email addresses. While SwimTopia makes it easy for teams to collect payments online at no time do any of system come in contact with private customer payment information including credit card numbers.

Our payment processing provider, WePay, provides protection for all credit card information. WePay is a Level 1 PCI compliant payment provider (the highest possible level).

All traffic on SwimTopia is encrypted using the secure https protocol to protect the security of password protected pages and sensitive data collected during registration or other times. This ensures that no one on the same network will be able to snoop to see your password or other private information. 

Heroku and the Amazon Web Services platform provide additional protection, at the operating system, network and physical hardware layers.

More information:

• Heroku Security
• Amazon Web Services Security
• WePay Security

System Monitoring & Uptime

SwimTopia is monitored 24/7 by a third party service to measure performance and uptime, and to provide immediate notification in the event of an outage. We make our performance and uptime history available publicly at http://status.swimtopia.com.

You can't manage what you don't measure. In addition to monitoring overall service availability, we also use the New Relic application monitoring service to measure performance on a request-by-request basis to enable us to more easily identify areas needing performance improvement, as well as overall system health and performance of time.

Safeguards to Prevent Data Loss

SwimTopia employs multiple layers of safeguards to prevent loss of data, including: 

1. Our primary database is replicated in real-time to a standby server in a geographically separate data center, so we always have a failover ready in case of emergency.
2. We maintain daily, weekly and monthly backups of the entire database. We regularly test these backups. 
3. We maintain a continuous up-to-the-minute log of database changes for each day, so that even in the unlikely case we had to restore from a previous backup, we’d be able to restore data all the way up to within one minute of the point of failure.

At the most basic level, for nearly all data -- and especially including registrations and payments -- we employ a technique called "soft delete" to enable recovery of deleted data. Like the trash can on Windows or Mac OS, when you delete something it is moved out the way and marked as "trash" but can still be restored if needed. We do this to protect against accidental deletions.

Preventing Spam in your Contact Us form

SwimTopia provides protection from spam bots automatically filling out your Contact Us Forms by including the following on each Contact Us Form snippet that you add to your website:

1) A hidden field with a randomized value that is tied to the user's session and must match upon submission 

This would require the spam bot to request a new form from our server before each form submission, which will probably prevent most spam, and would at minimum greatly slow down the rate of spam.

2) A hidden field that must be left empty

Many spam bots provide some data for all fields.

We believe the combination of the above two measure will be effective in eliminating spam from Contact Us form submissions without adding the annoyance of a CAPTCHA (challenge-response test) field to the form.