Our focus is on delivering value to our users, companies, and talent marketplaces through high-quality software which is robust, scalable, secure and always available.
Spacewalk will never compromise on our users' privacy and our platform's security.
Our team are technology purists who believe in strong encryption, tight and robust privacy controls, risk prevention and protection.
Your data is yours and we only use it for the purposes required to deliver the Spacewalk service. We do not request data from you that is not directly used to provide this service. We do not share your personal data with anyone else.
You have the freedom to see and correct your personal data via our dashboard. If you leave the service we will delete the personal data we hold on you.
While we hold your personal data we have a duty of care to protect and respect it. Consequently, our internal processes and system development practices emphasise a privacy by design approach where data privacy and security are by default the foremost consideration in everything we do.
Additionally, Spacewalk only grants the permissions necessary for our staff to perform their role and those permissions are regularly audited, and we have preventative security measures in place to protect against unauthorised access.
We have a documented policy and playbook for how we handle incidents which is clearly communicated to the relevant Spacewalk staff.
Spacewalk has undertaken significant steps to ensure that our software is compliant with GDPR regulations. You can see our commitment on GDPR here.
Spacewalk exclusively uses Amazon Web Services for all of our dashboard and customer data related infrastructure systems. We use a carefully selected set of services and providers for specific capabilities, for example Drift for in-page chat.
All of our infrastructure currently resides within the Ireland region of Amazon Web Services, while our content caches are globally distributed across many AWS regions.
Spacewalk forces users to use strong passwords which are more difficult to guess through brute force methods.
Spacewalk never stores your original password, instead we only store a hash (salted) which represents your password. Hashes cannot be reversed to reveal your actual password.
When you try and login, we calculate the hash of the password you’re trying to login with and a match means you’ve entered the right password – but we never store your actual password.
At Spacewalk, we engineer-for-failure, such that failing components are automatically removed and replaced without the need for human involvement. Nevertheless, we actively monitor vital stats of each component and the externally visible health of our services, so we can respond to issues quickly and ensure an uptime figure we’re proud of.
Our infrastructure is set up in a high availability configuration with no single-points-of-failure, and scales according to fluctuating demand, ensuring that isolated faults and usage peaks do not negatively impact the availability or performance of our service.
Additionally, we use globally distributed content caches to provide a highly responsive experience to our users while also providing an additional layer of protection against malicious attacks.
We backup data continually and take snapshots each night. We also retain a copy of data in another AWS region using a separate AWS account, with a break-glass-in-emergency access policy.
We have a documented recovery process that we regularly test to ensure we’re always ready to restore a backup – should the need ever arise.
Spacewalk enforces mandatory encryption on all data in transit and at rest, when you connect to our servers it will always be encrypted. Spacewalk uses encryption at multiple layers throughout our technology and infrastructure. The encryption keys are securely stored in Amazon’s Key Management system and are never transmitted out of the AWS infrastructure region.
We continually test for vulnerabilities, not only in our own code but also in all of the libraries and third party code we use. We use automated testing approaches to help ensure our infrastructure remains hardened. We implement automated and manual testing of our software to ensure that it remains reliable, performant and secure.
Spacewalk has developed comprehensive policies and procedures for how our staff members are expected to behave and contribute to the ongoing security, privacy and stability of our software. Our employment contracts enforce these obligations.
At Spacewalk, we take the security of our users' data very seriously. We encourage those who have discovered potential security vulnerabilities in a Spacewalk service to disclose it to us in a responsible manner.
We will work with security researchers to validate and respond to vulnerabilities that are reported to us. If you discover a security vulnerability and report in accordance with this Responsible Disclosure Policy, we will not take legal action or terminate your account access. Spacewalk reserves all of its legal rights in the event of any noncompliance.
Testing for Security Vulnerabilities
You may only test against an account for which you are the account owner or an agent authorized by the account owner to conduct such testing.
Spacewalk Prohibits the Following Types of Research:
Reporting Potential Vulnerabilities
Please share the details of any suspected vulnerabilities with the Spacewalk Security Team by email to security@gospacewalk.com. Please do not publicly disclose these details without express written consent from Spacewalk. In reporting any suspected vulnerabilities, please include adequate information to allow us to reproduce your steps and follow up.
No Compensation
Spacewalk does not compensate individuals or organisations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.
Spacewalk’s Commitment
To all security researchers who follow this Responsible Disclosure Policy, Spacewalk promises to:
* We'll acknowledge the first person to alert us of medium-critical severity security issues that are previously unknown to us.
Thanks!
Spacewalk thanks the following individuals and organisations that have participated in our responsible disclosure program: