Privacy and security of our customers are our topmost priority. Here's what we've been busy with lately:
Our help desk system is primarily built around email. We do have live chat and even social media integration via Zapier, but email has always been our top focus. That is why we're really excited to announce that we're now automatically removing tracking pixels from all incoming emails, even the ones you import from your own mailboxes via POP/IMAP servers.
Spy pixels are tiny invisible images embedded into emails. Every time you look at the message, the pixel is loaded from the attacker's server, so they know you opened their email, where you are, and lots of other info.
Our HTML sanitizer detects all the shady CSS-techniques used to hide those pixels, 1x1 images, trackers etc
All emails coming through our built-in SaaS-version mailboxes are scanned for viruses and spam and we've just improved that module a lot.
Every file uplaoded via the web-interface, the mobile app or sent via email is also scanned for malware.
We've recently abandoned Google Analytics so our website is free of any 3rd party cookies now. We're not helping any big corporations and ad-networks identify who you are and which websites you visit.
We also removed all the analytics from the app itself. Our merketing team used to measure trial "engagement" and other conversion metrics with 3rd party analytics tools - that's all gone now. No 3rd party tracking.
We hired a (ridiculously expensive) external pen-testing company and they've been abusing our servers literally every day for 2 months (December 2020 - January 2021). And I'm very proud to say we've stood the test. They found only 3 high threat vulnerabilities and no critical ones. All of them fixed now.