We’re committed to the protection of customers’ data and maintain a high level of information security. We make it a priority to keep your data secure and prevent unauthorized access. We accomplish this by keeping privacy and security at the forefront of our minds when developing all of our products.
We undergo independent external audits and are certified SOC 2 Type 1 and SOC 2 Type 2 by AICPA. This is a testament to the competency of our internal controls put in place to safeguard customer data.
Our internal controls that safeguard customer data are designed correctly.
Our system and controls have been tested for their effectiveness.
Our information security management system can manage risks and identify weaknesses proactively.
We encrypt our customers’ data with TLS 1.2+ in transit and AES-256 at rest. Our administrative controls enforce protection at every level of the organization.
We have distinct controls in place to prevent data leakage. Development, Testing, and Production environments are all isolated to keep data where it belongs.
Subnet and security group rules are leveraged to control network traffic. All components that process your data operate in our private network inside our secure cloud platform. Application-level ingress and egress filtering are implemented to control inbound and outgoing traffic. Our servers and network ports are behind load balancers and a web application firewall.
We use secure SDLC processes, including threat modeling, design reviews, code reviews, and SCA. Manual QA is implemented to keep the product free of bugs. We also leverage up-to-date and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These controls reduce our exposure to SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
We actively work to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests on a routine basis.
Our employees complete mandatory annual training on a wide range of privacy and security topics. Training targets phishing, escalating issues, insider threats, and malware. It is also updated on a regular basis to stay up to date with industry security changes.
We offer SSO integration with any SAML-based IdP.
Our customers can configure users and their respective permissions in any secure form they need. We can assign privileges by role, department, and group as required.
We maintain audit logs for actions taken by any user. This includes the date/time stamp, user, and the action taken.
We carefully authenticate and authorize all users and devices before granting access to production resources. Security measures are consistently applied across the network.
We conduct background checks on all employees, vendors, and contractors who work with us or have any access to data.
Mobile Device Management (MDM) is configured to enforce security for all employee devices. Enterprise anti-malware is installed to alert on potential viruses and prevent data leakage.
Security is a top priority for us, and we continuously work with skilled security researchers and third-party testers to identify weaknesses in our products and infrastructure. If you believe you have found a security vulnerability, please let us know right away by emailing us at email@example.com. We investigate all reports and do our best to quickly fix valid issues.