Technical Overview
Tech Stack
Hosting: Linode
Linode is a cloud hosting provider serving over 1M customers in 185 countries worldwide. We have been using Linode since 2018 and they have proven to be extremely reliable. We operate several dedicated servers on Linode running the latest Ubuntu release. Our servers are located in the Dallas, TX data center.
Networking: Cloudflare
Cloudflare provides DNS routing, caching and (D)DoS (Distributed Denial-of-Service) attack mitigation. Cloudflare helps us avoid potential attack vectors while also providing the best performance to our customers.
Security
Data
All communication is encrypted using SSL to prevent data from being sniffed or manipulated while in transit between browsers and servers. PII (Personally Identifiable Information) is also encrypted at rest.
Passwords
Passwords are stored as one-way hashes (sometimes described as one-way encryption). This means that neither we nor anyone else who might gain access to the stored data can deduce users' passwords from it.
Credit-cards and payments
Payment information, such as credit card numbers or bank account numbers, is stored securely by our payment providers (Stripe, Square, Authorize.net and GoCardless) and never passes through our servers. Gymdesk receives only a token representation of the payment information: a string of characters that allows us to charge payments on your behalf without having access to the actual payment details. All of our payment providers are Level 1 PCI DSS compliant (the highest level of certification available).
Server Hardening
Our servers are routinely audited by security professionals, and security updates are applied automatically so that known vulnerabilities are patched before they can be exploited.
Best Practices
We follow web application security best practices for preventing common attack vectors, such as SQL injection, XSS (cross-site scripting), CSRF (cross-site request forgery), session fixation and more. We constantly keep up to date with the latest developments in information security to make sure we stay at the forefront of preventing potential attacks.
Privacy and GDPR
We keep our tracking minimal and use GDPR-compliant services only. Personal data removal can be performed on request. To learn more about the measures we take to protect your privacy, please refer to our Trust Center.