Security & Hosting
How We Host Your Data
We take security seriously. Our servers are hosted in a world class data center that is protected by biometric locks and 24-hour surveillance. We ensure that our application is always up to date with the latest security patches.
Our data center is located in The Netherlands, Amsterdam and EU Safe Harbor compliant and all our plans include 256-bit SSL encryption for communication between servers and storage to keep your data safe at all times.
All the services in our datacenter have certification for compliance with ISO/IEC 27001:2013, 27017:2015 27018:2019 and ISO/IEC 9001:2015.
Virtual Private Cloud
Plottu is hosted in a virtual private cloud. The diagram below shows the basic structure of a VPC cluster that we use.
Example drawing created at cloudcraft.co
The first thing each visitor will hit will be a Content Delivery Network or CDN. We use CloudFlare, which includes some additional security benefits like a WAF (web application firewall) and DDoS protection. The CDN serves images and static content from whichever data center is closest to a visitor, which limits the traffic that actually makes it to the web servers and can speed up page load times
EC2 and Elastic Load Balancing
For the actual web servers, we use at least 2 EC2 large C4 instances running Linux with 8GB memory each. Within each region, there are multiple “availability zones”, which are separate physical data centers. This builds in redundancy, should there be an outage or natural disaster that affects one location, the other can take over.
Directing traffic to these EC2 instances is an Elastic Load Balancer that determines which EC2 virtual server should handle each page view or action from a visitor.
For the database, which houses the content and user data, we use two RDS M4-Standard instances running MySQL. These are setup in a ‘master/standby’ arrangement with a failover to the standby should something go wrong with the master.
S3 File Storage
We use S3 for user file uploads like images and files. S3 is fast, redundant, and cheap for storage and bandwidth.
Our codebase runs on an Elastic File System (EFS). We use GitHub for code management and version control.
We use Sendinblue for sending emails like notifications, password resets etc.
Cloudwatch Alarms and Logs
Our hosting provider is watching over the VPC using Cloudwatch. Collecting logs and monitoring resources, Cloudwatch alarms will automatically add (or remove) EC2 instances when load warrants it and they can also scale to handle high traffic.