Lifelong is committed to protecting the security of your data.
The lifelong.io production environment is hosted exclusively with Heroku and their designees and affiliates. They have an extensive writeup on their security measures available at Heroku Security Policy.
Lifelong employs a security researcher and a variety of third-party tools to keep our software up to date and to eliminate potential vulnerabilities.
All changes to the Lifelong Products and Services are made through careful testing and review in development and staging environments before being deployed to production.
All data transmitted to and from Lifelong is done via TLS, the successor protocol to SSL.
All data submitted to Lifelong is backed up nightly to at least one encrypted off-site location and at least one hot-swap database that can be brought into production in case of failure.
We do not encrypt data on production disks, since it wouldn't improve its overall security. Any user or program with access to the disk would also need access to the encryption and decryption routines, which would negate any additional security benefits. Our security efforts are thus focused on our software, physical, systems, and operational security postures.
No Lifelong employee has access to your data unless required to for support reasons. Support staff may sign into your account to access settings related to your support issue. When working on a support issue, support staff respect your privacy as much as possible, and only access the data and settings needed to resolve your issue. Support staff are not permitted to make copies of your data for any reason.
If you choose to add payment information to your Lifelong Account, Lifelong does not store any of your card information on our servers. Rather, we hand it securely to Braintree Payment Solutions for processing and storing on their PCI Compliant servers.