The Tourial product is a public-facing application by design. Most of our data exists in the form of these public tours.
We do not track Personally Identifiable Information (PII) except for customers who create tours within our online studio. Our customers' data is stored securely in our password-protected database. Their passwords are also encrypted.
Our email/password login system salts and hashes passwords at rest. Upon login, users are issued tokens, which are stored in a userSessions table. We can immediately revoke any/all user sessions if ever needed, logging everyone else out at once.
We run "Ghost Inspector" end-to-end tests every 30 minutes and Uptime pings every minute. Our engineering team is immediately notified if/when anything goes awry.
We use the npm audit command to audit all our dependencies and ensure there are no known vulnerabilities. Additionally, we keep our codebase in a private GitHub repository that is behind their robust auth platform.