TransitFare Security

We are Serious about Security.

At TransitFare, we’re serious about the security of our products and processes. Your trust is important to us and we understand the importance of protecting your information and ensuring a secure experience when you use our products. Whether you are a transit rider or transit agency, we want to ensure your data is kept private and stays within our system. 

Security Measures

Application Security

Application security ensures that our software applications are protected against external threats by implementing proactive defenses within the application itself. We focus on secure coding, robust authentication, and comprehensive data validation to safeguard all application interactions.

  • Development Practices: We use secure coding guidelines to prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) to keep the various layers of our applications secure.

  • Authentication and Authorization: We use strict user roles to identify users and ensure they have the right level of access to data. 

  • Secure APIs: APIs are secured with TLS 1.2 so that data is secure while in transit. 

  • Regular Security Audits: We do regular security audits and code reviews to identify and address vulnerabilities.

  • Data Input Validation: All inputs from external sources are validated to prevent injection attacks and other malicious activities.

  • Automated CI/CD and Testing: Changes to our application code are automatically deployed to test environments where large numbers of automated tests run to verify everything is working as expected.

Data Security

We use strong encryption, meticulous access control, and continuous monitoring to maintain the integrity and confidentiality of our databases.

  • Encryption at Rest: We encrypt sensitive data while it is stored.

  • Access Controls: Only staff who need access to databases can get it, and the access that is granted is based on the principle of least privilege.

  • Automated Backups: Our databases are automatically backed up and replicated to safeguard data integrity and availability.

  • Database Activity Monitoring: We track and monitor the health of our databases to detect and respond to unusual activities.

  • Database Firewalls: We use firewalls to prevent unauthorized database access and to protect against external attacks.

Infrastructure Security

Our infrastructure security measures ensure that the underlying systems that host and support our products are secure.

  • Physical Security: Our datacenters are hosted with Amazon Web Services (AWS), with best practices applied to secure all infrastructure. AWS security features include surveillance, access, and environmental controls to protect servers and hardware.
  • Patch Management: We keep servers, operating systems, and applications up to date with the latest security patches.

Your Responsibilities

When using our systems, we ask that you keep your account credentials secure. If you believe your account credentials have been compromised, use our password reset feature immediately. We encourage you to take appropriate measures to protect your information, such as choosing strong passwords and logging out after using our services.

Reporting Vulnerabilities

If you believe you have identified a potential security vulnerability, please contact us. Please include as much information as possible about the vulnerability, including:

  • The type of vulnerability (e.g., SQL injection, cross-site scripting)
  • A detailed description of the vulnerability and how it was discovered
  • Any steps or actions that need to be taken to reproduce the vulnerability
  • Potential implications or risks associated with the vulnerability

You are welcome to report anonymously if you prefer. We respect your privacy and are committed to working with you in a confidential manner.

Upon receiving a report of a security vulnerability, TransitFare commits to the following:

  • Acknowledgment: We will acknowledge receipt of your report within 72 hours.
  • Investigation: We will promptly investigate the issue and work to verify the vulnerability.
  • Resolution: We will take appropriate steps to address the vulnerability in a timely manner.
  • Communication: We may keep you informed of our progress throughout the process if you have chosen not to remain anonymous.

TransitFare is dedicated to working with security researchers and the community to improve our online security. We appreciate your efforts in responsibly disclosing your findings and helping us ensure the security and privacy of our users.

Updates to Security Features

We are constantly updating and improving our security features so that they are as effective as possible. We’ll let you know about any major changes by posting updates on our website. 

Your Data & Privacy

At TransitFare, we prioritize your privacy and the security of your information. We never sell your data to anyone, under any circumstances. For more details, please review our Privacy Policy.

Contact

General inquiries to us may be sent to the following address:

TransitFare & Systems Ltd
Unit 42
760 Birchmount Road
Toronto, ON M1K 5H8
Canada
1 (888) 477-1103