How We Keep You and Your Projects Safe
DATA AND INFORMATION
• At Rest: Your data resides only in the production environment, encrypted with AES-256.
• In Transit: All network communication uses TLS v1.2, encrypted and authenticated with AES_128_GCM, with ECDHE_RSA as the key exchange mechanism.
Our backup processes ensure data and information consistency to the highest standards.
Passwords are secured with industry-standard hashing (bcrypt).
Your data never leaves the US. Not in the US? We are EU-US Privacy Shield compliant.
Payment details are not stored, and all payments go through our partner, Stripe (they are PCI compliant!).
Account Verification for Non-SSO Users
Users are required to validate their accounts via a link provided in an automated e-mail.
Our cloud provider is Amazon Web Services. We leverage their tools to set up firewall rules, intrusion and DMZ policies.
We scan our infrastructure and applications periodically to detect any existing vulnerabilities.
We log every action performed in the system.
Security and confidentiality incidents submitted to firstname.lastname@example.org will be resolved in accordance with the established incident policy.
Monthly risk assessments are performed to ensure the application is secure.
All of our vendors offer industry-leading products and go through an exhaustive security audit to ensure their practices fit our highest security and compliance standards.
Each employee's level of access is determined by their job position. Logical access reviews are performed periodically, and access is removed immediately when it is no longer necessary.
We enforce it for every employee.
We run background checks and sign confidentiality agreements with all employees. We also train them in Information Security and Secure Development Practices.