We’re committed to the protection of customers’ data and maintain a high level of information security. We make it a priority to keep your data secure and prevent unauthorized access. We accomplish this by keeping privacy and security at the forefront of our minds when developing all of our products.
We use the best practices and industry standards to ensure security for our customers. We implement key security protections from the beginning of our development process. This ensures security, integrity, and confidentiality of our customers’ data.
We undergo independent external audits and are certified SOC 2 Type 1 and SOC 2 Type 2 by AICPA. This is a testament to the competency of our internal controls put in place to safeguard customer data.
SOC 2 TYPE 1
Our internal controls that safeguard customer data are designed correctly
SOC 2 TYPE 2
Our system and controls have been tested for their effectiveness
We encrypt our customers’ data with TLS 1.2+ in transit and AES-256 at rest. Our administrative controls enforce protection at every level of the organization.
Customer Data Segregation
We have distinct controls in place to prevent data leakage. Development, Testing, and Production environments are all isolated to keep data where it belongs.
Subnet and security group rules are leveraged to control network traffic. All components that process your data operate in our private network inside our secure cloud platform. Application-level ingress and egress filtering are implemented to control inbound and outgoing traffic. Our servers and network ports are behind load balancers and a web application firewall.
Security in Software Development & Deployment Process
We use secure SDLC processes, including threat modeling, design reviews, code reviews, and SCA. Manual QA is implemented to keep the product free of bugs. We also leverage up-to-date and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These controls reduce our exposure to SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
We actively work to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests on a routine basis.
Information Security Awareness & Training
Our employees complete mandatory annual training on a wide range of privacy and security topics. Training targets phishing, escalating issues, insider threats, and malware. It is also updated on a regular basis to stay up to date with industry security changes.
We offer SSO integration with any SAML-based IdP.
Role/Permissions Based Access
Our customers can configure users and their respective permissions in any secure form they seek. We can assign privileges by role, department, and group as per requirements.
Audit Logging & Tracking
We maintain audit logs for actions taken by any user. This includes the date/time stamp, user, and the action taken.
Zero-Trust Model for Production Access
We carefully authenticate and authorize all users and devices before granting access to production resources. Security measures are consistently applied across the network.
We conduct background checks on all employees, vendors, and contractors who work with us or have any access to data.
Device Endpoint Security
Mobile Device Management (MDM) is configured to enforce security for all employee devices. Enterprise anti-malware is installed to provide alerts on potential viruses to prevent data leakage.
Vulnerability Reporting & Disclosure
Security is a top priority for us, and we continuously work with skilled security researchers and third-party testers to identify weaknesses in our products and infrastructure. If you believe you have found a security vulnerability, please let us know right away by emailing us at firstname.lastname@example.org. We investigate all reports and do our best to quickly fix valid issues.