Hosted Security

Multiple Rackspace(check Status) Data Centers

Monthly backups are encrypted off site

Only the strong password protected ssh key in control of our security manager has access to hosted environments

Stable Linux branches are used and security updates are applied in under 3 hours

Application Security SSL (prevent passwords collection from public Wifi, Additional Option)

White list (prevent passwords guessing from known hostile networks)

Session Security Level to 4 (prevent session hijacking)

Minimum password length to 8 (make password guessing harder)

Auto blacklisting

Authentication report

Active Directory Authentication

Administrative Security

Staff workstations use annual fresh installs of OS X to avoid most malware

Payment information is transmitted and stored offline

Only Senior staff have access to sensitive information

LAN Security (Client options)
Whole disk encryption (prevents bypassing security by reading the disk with another computer)
Dedicated server (reduces exploitable surface area)
Linux OS (protects from windows malware)
Firewall blocking all but ssh and the noodle http[s] ports. (reduces exploitable surface area) ssh keys (prevents password guessing on ssh)
Encrypted VPN or ssh tunnel (use with keys will prevent MITMA from a spoofed Wifi or an untrusted ISP or government)
Anonymity networks like tor can be used (optionally with SSL or ssh) (in practice will prevent anyone, including governments, from knowing what server a user is talking to) Isolation; not, indirectly,  NAT, or public network connection

Regulation Compliance
HIPAA, Not applicable as we do not store client health data
Noodle emails contain a one click unsubscribe link