To learn more about the steps you can take to stay safe on Check, read about our security features.

All data sent between your browser and the website that you are connected to is encrypted. We do not, however, currently encrypt traffic internally between services.

API tokens: Users can log in with application credentials without having to share them, they are stored in tokens. These are used to inform the API that the bearer of them has been authorized to use and perform actions.

DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Just as DDoS attacks are by their very nature distributed, Cloudflare's DDoS mitigation system is distributed across our massive global network.

SSH is a protocol to log in to our servers. SSH provides strong authentication and secures encrypted data communications for administrators and operating services.

We run SSH on a standard port with public-key encryption. We use Amazon GuardDuty to alert us of attacks.

Firewalls provided by AWS Security Groups and ACLs protect the server from unwanted traffic based on rules that block connections and control traffic.

Cookies are short pieces of text that are stored by a visitor's browser and used as an identifier for a session. Data stored in our product cookies are encrypted so they are safe from being read by unauthorized parties.

To prevent attacks using an existing session ID (called “session fixation”), a new session ID is assigned every time a user logs in.

Different types of users are granted different levels of information access. Users who aren’t logged in do not have all the same access to information available to logged-in users.

For logged-in users, their access and functionality differs depending upon their role. For example, only authorized users who are granted delete permission can execute a successful deletion operation to remove content.

Code Climate performs an automated code review for ensuring code health.