Security

Security is Paramount

  • All information in transit is encrypted.
  • All sensitive data is encrypted at our Application servers and then sent to storage.
  • Internal and external access is restricted.
  • We are constantly testing and evaluating our networks and the security of our service providers.
  • To maintain the highest level of security, we use penetration tests, thorough code reviews and advanced QA testing processes.

In-Application Security

Enterprise Grade Roles and Permissions

  • Ability to create organizational structures and grant permissions.
  • Create users and admins.
  • Permissions can be applied and given across organizations.
  • Enforce separation of duties.

Administrator Utilities

  • Full audit trail capabilities for administrators.
  • Add/edit/remove users, organizations and products.
  • View connections and relationships with other companies.

Datacenter

Hosted at Amazon AWS and Hosted Datacenter

  • SSAE-16 Type II compliant data centers.
  • Physical security with 24-hour surveillance and biometric access controls.
  • Redundant power, cooling, and internet connectivity.

Physical/Logical Access

  • Physical and logical access is restricted to Operations personnel only.
  • All activity is logged and tracked.
  • Multi-Factor authentication.

Separate Non-Production and Production Environments

Data Protection

Data at Rest

  • All sensitive data is encrypted at the application layer using AES-256/SHA2.
  • Data classified as sensitive or above is stored in the DB as encrypted values.
  • Document streams are encrypted before being stored in the DB.

Data in Transit

  • All data in transit from the client is encrypted over HTTPS/TLSv1.2 using AES-256.
  • All internal server-to-server communication is encrypted.

Encryption

Key Management

  • Keys are rotated on a quarterly basis.
  • Data is re-encrypted on read/write access.
  • Keys are encrypted using AES-256.

Guiding Principle

  • Anything that can be encrypted will be encrypted.