Security Policy

Last updated July 24th, 2020. Previous versions and the change history are available here.

Purpose

This document outlines Bike Index’s IT security recommendations, our expectations for security research, what we do to protect against data loss and downtime, and what we will do in the case of a breach.

Security Guidelines

All persons accessing Bike Index hosting tools access the tools from their own accounts. We require multi-factor authentication for all services that offer it. All individuals with access to hosting tools must use a password manager and use separate passwords for each service.

We automate fixes for operating system CVEs and web framework CVEs on the Bike Index webapp, to ensure applicable fixes are live as quickly as possible.

All Bike Index data is encrypted both at rest and in transmission, using industry-standard encryption.

To protect our customers’ privacy, Bike Index only collects the minimum information required to provide the service and tools we offer.

Bike Index does not store healthcare or credit card information, and therefore PCI and HIPAA compliance are not necessary.

Bike Index complies with all applicable legal and regulatory requirements for data protection, security and privacy for the services that we provide.

We limit and control access to each organization account. Unauthorized access to organizational and user data is strictly prohibited.

Security research

Bike Index is primarily an open source project and we welcome responsible security testing and vulnerability disclosure. If your report contains sensitive data, please contact admin@bikeindex.org (preferably using this GPG key).

When researching, please don't spam us, DoS or DDoS us, or social engineer (including phishing) our staff or contractors.

Protecting against data loss and downtime

Bike Index backs up its database hourly and daily and stores the encrypted backups on a secure system, separate from our application servers.

Bike Index is hosted on virtualized servers in the cloud. We have failover systems prepared and the ability to redeploy a cloned version of the service using our database backups, to ensure that even in the case of a total server loss, recovery is easily possible. We have historically provided 99.9% uptime and strive to maintain 99.9% in any given month.

In the case of a breach

If Bike Index discovers a breach or exposure, we will analyze the breach or exposure to determine the root cause. Bike Index will then work with the appropriate parties to remediate the root cause of the breach or exposure. Once the root cause has been resolved, we will individually contact any affected parties and will publicly share what happened and what we can do to prevent similar events in the future.

Questions about the Terms of Service should be sent to contact@bikeindex.org.


2022 © Bike Index, a 501(c)(3) nonprofit - EIN 81-4296194