Security & Reliability

At JamarGig, we are committed to the security of your data. We’ve built a robust security framework and are proud to be SOC 2 Type 2 certified, ensuring your information is always protected.

Data Security

Encryption at Rest: All of your data, including database records and backups, is encrypted at rest using the AES-256 standard.

Encryption in Transit: We secure data in transit between your device and our servers using TLS 1.2 or higher.

Key Management: All encryption keys are securely managed using AWS Key Management Service (KMS), with strict access controls and rotation policies.

Data Handling: We have comprehensive policies for data classification, retention, and secure disposal to ensure your data is managed responsibly throughout its lifecycle.

Physical Security

AWS Data Centers: Our platform is hosted on Amazon Web Services (AWS), a global leader in cloud infrastructure. AWS manages the physical security of its data centers, which are protected by extensive measures including 24/7 surveillance, biometric access controls, and redundant power systems.

Compliance: AWS data centers are certified for a wide range of compliance standards, including SOC 1/2/3, ISO 27001, and PCI DSS, ensuring the physical environment meets the highest security requirements. We do not store any customer data at our physical office locations.

Operational Security

Threat Detection & Monitoring: We use a Web Application Firewall (WAF) and continuous monitoring tools like New Relic to detect and alert on threats, anomalies, and unusual system activity.

Vulnerability Management: We conduct regular vulnerability assessments and third-party penetration tests to proactively identify and remediate security weaknesses in our platform.

Resilience and Recovery: We maintain a comprehensive Business Continuity and Disaster Recovery (BCDR) plan, which is tested annually. Daily automated backups ensure your data is safe and recoverable.

Change Management: All changes to our production environment follow a strict, documented process that includes impact analysis, peer review, testing, and approval to ensure system stability and security.

Organizational Security

Security Training: All employees and contractors undergo regular security awareness training, covering topics like our acceptable use policy, data privacy, and threat identification.

Personnel Security: We conduct background verification checks for all new hires and require all personnel to sign confidentiality and non-disclosure agreements.

Policies and Procedures: We maintain a comprehensive set of information security policies and procedures, which are reviewed and approved annually by management to ensure they remain relevant and effective.

Vendor Risk Management: We perform a formal risk assessment for all vendors before onboarding to ensure they meet our security and privacy standards.