Our Adherence to Protection

We encrypt our customers’ data with TLS 1.2+ in transit and AES-256 at rest. Our administrative controls enforce protection at every level of the organization.

We’ve distinct controls in place to prevent data leakage. Development, Testing, and Production environments are all isolated to keep data where it belongs.

Subnet and security group rules are leveraged to control network traffic. All components that process your data operate in our private network inside our secure cloud platform. Application-level ingress and egress filtering are implemented to control inbound and outgoing traffic. Our servers and network ports are behind load balancers and a web application firewall.

We use secure SDLC processes, including threat modeling, design reviews, code reviews, SCA. Manual QA are implemented to keep the product free of bugs. We also leverage up-to-date and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF).

We actively work to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests on a routine basis.

Our employees complete mandatory annual training on a wide range of privacy and security topics. Training targets phishing, escalating issues, insider threats, and malware. It is also updated on a regular basis to stay up to date with industry security changes.

We offer SSO integration with any SAML-based IdP.

Our customers can configure users and their respective permissions in any secure form they seek. We can assign privileges by role, department, and group as per requirements.

We maintain audit logs for actions taken by any user. This includes the date/time stamp, user, and the action taken.

We carefully authenticate and authorize all users and devices before granting access to production resources. Security measures are consistently applied across the network.

We conduct background checks on all employees, vendors, and contractors who work with us or have any access to data.

Mobile Device Management (MDM) is configured to enforce security for all employee devices. Enterprise anti-malware is installed to provide alerts on potential viruses to prevent data leakage.