By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts.
PreferencesDenyAccept

Security

Your trust and data security are our priority

Our approach to security and data privacy

Our focus is on delivering value to our users, companies, and talent marketplaces through high-quality software which is robust, scalable, secure and always available.

Spacewalk will never compromise on our users' privacy and our platform's security.

Our team are technology purists who believe in strong encryption, tight and robust privacy controls, risk prevention and protection.

Your data

Your data is yours and we only use it for the purposes required to deliver the Spacewalk service. We do not request data from you that is not directly used to provide this service.  We do not share your personal data with anyone else.  

You have the freedom to see and correct your personal data via our dashboard.  If you leave the service we will delete the personal data we hold on you.

While we hold your personal data we have a duty of care to protect and respect it. Consequently, our internal processes and system development practices emphasise a privacy by design approach where data privacy and security are by default the foremost consideration in everything we do.

Additionally, Spacewalk only grants the permissions necessary for our staff to perform their role and those permissions are regularly audited, and we have preventative security measures in place to protect against unauthorised access.

We have a documented policy and playbook for how we handle incidents which is clearly communicated to the relevant Spacewalk staff.

Spacewalk has undertaken significant steps to ensure that our software is compliant with GDPR regulations. You can see our commitment on GDPR here.

Hosting

Spacewalk exclusively uses Amazon Web Services for all of our dashboard and customer data related infrastructure systems. We use a carefully selected set of services and providers for specific capabilities, for example Drift for in-page chat.

All of our infrastructure currently resides within the Ireland region of Amazon Web Services, while our content caches are globally distributed across many AWS regions.

Password and credential storage

Spacewalk forces users to use strong passwords which are more difficult to guess through brute force methods.

Spacewalk never stores your original password, instead we only store a hash (salted) which represents your password. Hashes cannot be reversed to reveal your actual password.

When you try and login, we calculate the hash of the password you’re trying to login with and a match means you’ve entered the right password – but we never store your actual password.

Monitoring

At Spacewalk, we engineer-for-failure, such that failing components are automatically removed and replaced without the need for human involvement.  Nevertheless, we actively monitor vital stats of each component and the externally visible health of our services, so we can respond to issues quickly and ensure an uptime figure we’re proud of.

Resilience

Our infrastructure is set up in a high availability configuration with no single-points-of-failure, and scales according to fluctuating demand, ensuring that isolated faults and usage peaks do not negatively impact the availability or performance of our service.

Additionally, we use globally distributed content caches to provide a highly responsive experience to our users while also providing an additional layer of protection against malicious attacks.

Backups

We backup data continually and take snapshots each night.  We also retain a copy of data in another AWS region using a separate AWS account, with a break-glass-in-emergency access policy.

We have a documented recovery process that we regularly test to ensure we’re always ready to restore a backup – should the need ever arise.

Encryption

Spacewalk enforces mandatory encryption on all data in transit and at rest, when you connect to our servers it will always be encrypted. Spacewalk uses encryption at multiple layers throughout our technology and infrastructure. The encryption keys are securely stored in Amazon’s Key Management system and are never transmitted out of the AWS infrastructure region.

Vulnerability scanning

We continually test for vulnerabilities, not only in our own code but also in all of the libraries and third party code we use. We use automated testing approaches to help ensure our infrastructure remains hardened. We implement automated and manual testing of our software to ensure that it remains reliable, performant and secure.

Policies & procedures

Spacewalk has developed comprehensive policies and procedures for how our staff members are expected to behave and contribute to the ongoing security, privacy and stability of our software. Our employment contracts enforce these obligations.

Responsible Disclosure Policy

At Spacewalk, we take the security of our users' data very seriously. We encourage those who have discovered potential security vulnerabilities in a Spacewalk service to disclose it to us in a responsible manner.

We will work with security researchers to validate and respond to vulnerabilities that are reported to us. If you discover a security vulnerability and report in accordance with this Responsible Disclosure Policy, we will not take legal action or terminate your account access. Spacewalk reserves all of its legal rights in the event of any noncompliance.

Testing for Security Vulnerabilities

You may only test against an account for which you are the account owner or an agent authorized by the account owner to conduct such testing.

Spacewalk Prohibits the Following Types of Research:

  • Accessing, or attempting to access, data that does not belong to you
  • Executing, or attempting to execute, a denial of service attack
  • Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages
  • Testing third party websites, applications or services that integrate with Spacewalk
  • Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software

Reporting Potential Vulnerabilities

Please share the details of any suspected vulnerabilities with the Spacewalk Security Team by email to security@gospacewalk.com. Please do not publicly disclose these details without express written consent from Spacewalk. In reporting any suspected vulnerabilities, please include adequate information to allow us to reproduce your steps and follow up.

No Compensation

Spacewalk does not compensate individuals or organisations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.

Spacewalk’s Commitment

To all security researchers who follow this Responsible Disclosure Policy, Spacewalk promises to:

  • Acknowledge receipt of your report in a timely manner
  • Provide an estimated time frame for addressing the vulnerability
  • Notify you when the vulnerability is fixed
  • Publicly acknowledge your responsible disclosure*, if you wish

* We'll acknowledge the first person to alert us of medium-critical severity security issues that are previously unknown to us.

Thanks!

Spacewalk thanks the following individuals and organisations that have participated in our responsible disclosure program:

  • Be the first on this list!

Solutions

For education and training providersFor member communitiesFor SMBsFor talent on demand agenciesFor any niche community

Product information

Why SpacewalkDemo CentreHow it worksPricingMarketplace featuresHiring featuresFinding talentFinding work

Company

AboutBlogContact us (Sydney)Contact us (London)Book an intro callSecurityReferral program (→ 30%)

Support

Demo CentreFAQsHelp & resourcesBook a callContact us
© 2024 Spacewalk. All rights reserved.
Privacy PolicyCookie PolicyGDPRTerms of Use