Architecture & Security
Hosting: Google Compute, hosted multi-machine Kubernetes cluster, multi-region coming soon
API: Micro-service architecture using Python Flask
Database: CockroachDB
Admin Site: React
Android: React Native + Java
iOS: React Native + Swift
All server applications are hosted with Google Compute, which is an industry leader in providing reliable and secure infrastructure. Furthermore, this ensures that all infrastructure is up to date and is being constantly updated for security.
Google Kubernetes Clusters are set up to update automatically.
All communication with the Movatic server is done over SSL, period. SSL configuration is routinely monitored and updated as necessary to ensure the highest level of security. Don't take our word for it, use the following link to see a report on our SSL configuration:
No financial information is stored on or is ever transferred to Movatic's servers. We use leading 3rd party processors that keep all information on their highly secure, PCI-compliant systems.
Movatic works with Security Metrics to maintain PCI DSS certification.
All databases are replicated and are backed up daily.
Libraries are routinely updated to prevent security vulnerabilities.
Base images are routinely updated to patch OS container vulnerabilities.
Movatic follows best practices to keep its systems secure.
Legacy end-points are deprecated and removed over time to reduce attack surface area.
Automated test cases are present to test for bugs and authorization.
Extensive system monitoring is present, including bug monitoring and Prometheus event monitoring. Prometheus events automatically trigger Slack messages to the development team.
Security is kept in mind as part of the spec'ing process.
Notification Policy
In the event of a security vulnerability, Movatic will issue an update. Web and API updates are instantaneous while User App updates will occur in a matter of hours if automatic updates are turned on. In the event that automatic updates are turned off, Movatic has the ability to force older versions of the application to upgrade before they have the ability to continue to use the service.
In the event of a major security vulnerability, admins would be notified of the patch after the update had been completed.
In the event of a data breach, notification of the breach would occur within 48 hrs. Movatic carries $2M of Cyber Insurance which includes data recovery and crisis management services.
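One way to enforce the forced-upgrade behaviour described in this policy at the API layer, as an added example that is not Movatic's own code. The X-App-Version header, the /mobile/ path prefix and the minimum versions are assumptions made for illustration; the gate is plain WSGI middleware, so it can wrap a Flask application.

```python
import json
import re

# Hypothetical policy values; raise them when a security fix ships.
MIN_VERSION = {"ios": (4, 2, 0), "android": (4, 1, 3)}
# Assumed header format: "<platform>/<major>.<minor>.<patch>"
VERSION_RE = re.compile(r"^(ios|android)/(\d+)\.(\d+)\.(\d+)$")


def client_allowed(header_value):
    """Return (allowed, reason). A missing or malformed header fails closed."""
    match = VERSION_RE.match(header_value or "")
    if not match:
        return False, "missing or malformed version header"
    platform = match.group(1)
    # Compare as integer tuples: as strings, "4.10.0" would sort below "4.9.0".
    version = tuple(int(part) for part in match.groups()[1:])
    if version < MIN_VERSION[platform]:
        return False, "upgrade required"
    return True, "ok"


class MinimumVersionGate:
    """WSGI middleware that rejects outdated app builds on the mobile API."""

    def __init__(self, app, protected_prefix="/mobile/"):
        self.app = app
        self.protected_prefix = protected_prefix  # assumed route prefix

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "").startswith(self.protected_prefix):
            allowed, reason = client_allowed(environ.get("HTTP_X_APP_VERSION"))
            if not allowed:
                body = json.dumps({"error": reason}).encode()
                start_response("426 Upgrade Required", [
                    ("Content-Type", "application/json"),
                    ("Content-Length", str(len(body))),
                ])
                return [body]
        return self.app(environ, start_response)
```

With Flask, the gate is installed with `app.wsgi_app = MinimumVersionGate(app.wsgi_app)`, so the check runs before any route handler.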
Prevention of OWASP Top 10 critical Web
Databases are not directly exposed to the network and are behind a firewall.
APIs protect against SQL injection.
APIs that reveal private data require authorization.
Hosting with Google Kubernetes Engine
Routine updates of libraries
All data is communicated over SSL with the server
A robust testing suite of automated and manual tests.
Extensive logging through Google Cloud and Prometheus
Insurance
Movatic carries a $2M cyber insurance policy along with a General Liability policy of $1M with a $1M balloon policy.
3rd Party Services Utilized
Stripe
Twilio
CockroachDB
GKE
Mailgun
Maps: Mapbox, Apple Maps, Google Maps.
Provide your attestation of Compliance (AoC) or Report of Compliance (RoC)
Who is your Gateway & Processor?
Stripe
Does Tandem store any credit card information themselves or is all card PAN data only accessible by the 3rd party processor and gateway?
No. We don’t handle it directly. It’s all done through Stripe.
Does anyone at Tandem have the ability to view card PAN in any capacity?
Only what is shown in Stripe, which is the last 4 digits.
Is there any way for anyone at client company to access card PAN in any way?
No
Is there any way for anyone at client company to manually enter card data for a customer?
Yes, via the “add card” option in the user details page of the Admin Site. That gets handled via Stripe. We can configure the Admin Site to omit this permission for client company.
Does your app offer the ability to save a card for future use? If so, how is this data stored by Tandem?
Yes. Stripe stores the data and we keep a record of the ID of the user created by Stripe so that it can be referenced for future payments.
The USG requires multifactor authentication for all applications where a USG or [insert campus name] user is utilizing the application. Preferably this should be via SSO using SAML2. Anyone logging in with a @{campus domain} address should be forced to log in using SSO. If SSO is not available, then there should be some other type of multifactor such as email code, text code, or one time password code (such as Google Authenticator). Any non-campus guest user should also be required to use 2 factor authentication.
SSO is not available at this time, but it is in our roadmap for Q2 2025.
All users of the customer-facing application must use a text code provided by SMS when logging in.
Multifactor authentication must be present for the backend portal where reporting and refunds are issued. Again, ideally by SSO via SAML2.
SSO/MFA are not currently available for the Admin Site (backend portal) but are on our roadmap.
We do not want our team to be able to issue refunds to customers via the Admin portal, which brings it into the category of a financial system. This brings a higher level of risk. If SSO/MFA is not available, can this ability be removed for all of our company personnel, and refunds only be issued by Tandem employees?
Yes, our standard practice is to disable access to these features for company personnel.
We need a way to either manage users of the dashboard ourselves or we need to know the policy for removing and adding users through you all.
We need to know what user roles the dashboard has as well as what permissions the roles grant.
Admin: Ability to create other admin users. TANDEM ONLY
Users: Permission to access and manage users tab. OPTIONAL FOR COMPANY
Rentals: Permission to view rental details. OPTIONAL FOR COMPANY
Hardware: Permission to create or edit hardware. TANDEM ONLY
Locations: Permission to create or edit locations. OPTIONAL FOR COMPANY
Customer Support: Permission to manage support tickets. TANDEM ONLY
Maintenance: Permission to manage maintenance tickets and maintenance logs. TANDEM ONLY
Memberships: Permission to create and/or manage memberships. OPTIONAL FOR COMPANY
Rates: Permission to create, archive, or edit rates. OPTIONAL FOR COMPANY
Refunds: Permission to issue refunds to users. TANDEM ONLY
Settings: Permission to edit and view settings. TANDEM ONLY
We need to know the procedure to occasionally pull the list of dashboard users and what role they are assigned.
We can provide this at any time. Please direct requests to partnersupport@tandem-mobility.com.
Tandem manages Admin dashboard users, adding Tandem core team members and users who are Company-authorized/requested. Requests to view/add/remove users are managed by Partner Support. Non-Tandem system admins are granted access only if approved by the company contract holder (or their approved representatives).
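A periodic access review over the dashboard user list can be automated against the permission scopes listed above. The following is an added example, not Tandem's tooling: the export format (one record per user with an organization field and a list of permissions) and the sample accounts are constructed for illustration.

```python
# Permission scopes exactly as listed on this page.
TANDEM_ONLY = {"Admin", "Hardware", "Customer Support",
               "Maintenance", "Refunds", "Settings"}
OPTIONAL_FOR_COMPANY = {"Users", "Rentals", "Locations", "Memberships", "Rates"}

# Constructed sample export (assumed format, not real accounts).
SAMPLE_EXPORT = [
    {"email": "ops@tandem.example", "organization": "tandem",
     "permissions": ["Admin", "Refunds", "Settings"]},
    {"email": "manager@campus.example", "organization": "company",
     "permissions": ["Users", "Rentals", "Refunds"]},
    {"email": "desk@campus.example", "organization": "company",
     "permissions": ["Rentals", "Rates"]},
    {"email": "temp@campus.example", "organization": "company",
     "permissions": ["Locations", "Billing"]},
]


def audit_users(users, company_enabled):
    """Return (email, permission, finding) tuples for every policy violation.

    company_enabled is the subset of OPTIONAL_FOR_COMPANY that the contract
    holder approved. Any organization other than "tandem" is treated as a
    company account, so an unexpected value fails closed.
    """
    findings = []
    for user in users:
        email = user["email"].strip().lower()
        perms = set(user["permissions"])
        # Names outside both scopes point to drift between export and policy.
        for perm in sorted(perms - TANDEM_ONLY - OPTIONAL_FOR_COMPANY):
            findings.append((email, perm, "unknown permission"))
        if user.get("organization") == "tandem":
            continue
        for perm in sorted(perms & TANDEM_ONLY):
            findings.append((email, perm, "Tandem-only permission on company account"))
        for perm in sorted((perms & OPTIONAL_FOR_COMPANY) - set(company_enabled)):
            findings.append((email, perm, "optional permission not approved for company"))
    return findings


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_EXPORT, {"Users", "Rentals", "Locations"}):
        print(" | ".join(finding))
```

An empty result means every company account holds only approved optional permissions; a Refunds finding is the case the refund question above is concerned with.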