We host all our services on Google Cloud Platform.

Google Security Resources:

All our services operate on a default deny basis.

Only explicitly allowed traffic is allowed and only the services that need to be exposed to the public Internet are exposed.

All other services communicate using Private IP-addresses with our Virtual Private Cloud. All traffic between our VPC and the public internet uses SSL.

All our services use Kubernetes where only explicitly defined services and ports are used. No file uploading process or remote access to the machines are allowed or configured.

All services are hosted on Google Cloud Platform (GCP). Howwe Technologies continuously monitor the performance and resource usage of our services with automated alarms.

The capacity of our services can, via GCP be increased at any moment.

Howwe Technologies refer to GCP documentation for further details of the abilities and limitations.

Backups are made automatically at least daily and are replicated in multiple geographic regions.

Database backups are also made before new releases. Restoring from backup is tested weekly.

All our frontends are written in React and React Native and they exclusively talk to our API, they never talk to any of our other APIs directly.

All consumers of our API should only use our API and not the individual APIs, with the exception of the auth-api. See the API section of this document. Howwe Technologies use the Spring boot framework in Java for all our APIs. Currently there are four microservices

When creating a new API service Howwe Technologies use the same technologies and patterns as in existing services. They're all continuously updated.

Howwe Technologies use the GraphQL layer for writing our frontends.

Howwe Technologies use SQL for our main databases and all of them run on Google Cloud Platform.

Howwe Technologies use Auth0 for authentication. All the configuration and settings live in source code, environment specific configuration is available in the env-repository.