You rely on us as a critical service provider. This guide is to be transparent about how seriously we take that responsibility.
We use Google Cloud in
us-west1 (Oregon). We’re multi-zonal so we’re designed to be robust against the loss of a data center.
We use Google Cloud-managed load balancers in front of a Google-managed Kubernetes cluster.
Our Federal Reserve, The Clearing House, and Visa connections require physical routers. They’re kept in an Equinix collocation facility in Seattle, WA. We maintain redundant hardware, power, and network connectivity.
We use Google Cloud SQL as our primary data store. We use a regional high-availability configuration with automated multi-region daily back-ups. We test our back-up restoration process daily.
Our critical service providers are:
We use Google Cloud Monitoring for our infrastructure. We use UptimeRobot for independent monitoring. We run continuous database state checks to ensure all operational data is as expected.
We maintain Business Continuity and Disaster Recovery Plans. By policy they’re tested at least annually but, in practice, they’re tested far more frequently.
We maintain a status page here:
Our operational controls are independently audited annually. Our most recent System & Organization Control (SOC) Type I audit was in 2023-05. We’re scheduled to complete our first Type II audit in 2023-12.