Security Governance & Compliance
Our commitment to security is evident through our alignment with internationally recognized security standards and our ongoing pursuit of SOC2 Type II certification. We prioritize compliance through frequent internal audits and thorough third-party assessments.
Data Protection Measures
Data at Rest
- Industry-standard encryption algorithms secure all stored data
- Centralized key management ensures effective control and regular key rotation
- Field-level encryption for particularly sensitive data
Data in Transit
- TLS 1.2, 1.3 are supported for maximum compatibility and security.
- Additional network protection layers add further security.
- Secure file transfer protocols are available with key-based authentication.
Secret Management
- Centralized secret management system for all credentials and API keys
- Hardware-based secure storage for key material
- Role-based programmatic access for application components
Product Security
Penetration Testing
- Quarterly penetration tests are conducted by industry experts
- Focus on both the application layer and the infrastructure
- Detailed assessments against a wide array of vulnerabilities
Vulnerability Scanning
- Static and dynamic code analysis during development phases
- Regular scanning for vulnerabilities within software dependencies
Data Privacy
We are committed to complying with international data privacy standards, including but not limited to GDPR and CCPA.
Privacy Measures
- Data Loss Prevention (DLP) features are implemented within storage solutions
- Role-Based Access Control (RBAC) for data access
Regulatory Compliance
- Regular automated Data Protection Impact Assessments (DPIAs)
- Company-wide training on data privacy standards and regulations
Exposed API
Our API is protected by robust authentication and throttling techniques, ensuring a high level of security. We diligently collect and store log data for a period of two months, allowing us to closely monitor and swiftly respond to any potential security incidents.