Security is Encrypted

Security is Paramount

  • All information in transit is encrypted
  • All sensitive data is encrypted on our application servers and then sent to storage
  • Access to all information, from inside and outside, is restricted
  • We are constantly testing and evaluating our networks and the security of our service providers
  • Penetration tests, code reviews and QA testing processes are designed to keep security at the forefront.

In-Application Security

Enterprise-Grade Roles and Permissions

  • Ability to create organizational structures and grant permissions for organizations
  • Create users and admins at any level of the org
  • Permissions can be applied and given across orgs as needed
  • Enterprises can enforce separation of duties

Admin Utilities

  • Full audit trail capabilities for admin
  • Add/edit/remove users, organizations and products
  • View connections and relationships with other companies

Datacenter

Hosted at Amazon AWS and Hosted Datacenter

  • SSAE-16 Type II compliant data centers
  • Physical security with 24-hour surveillance and biometric access controls
  • Redundant power, cooling, and internet connectivity

Physical/Logical Access

  • Physical and logical access is restricted to Operations personnel only
  • All activity is logged and tracked
  • Multi-Factor authentication

Separate non-production and production environment

Data Protection

Data at Rest

  • All sensitive data is encrypted at the application layer using AES-256/SHA2
  • Data classified Sensitive or above that is stored in the DB is stored as encrypted values
  • Document streams are encrypted before being stored in the DB

Data in Transit

  • All data in transit from the client is encrypted over HTTPS/TLSv1.2 using AES-256
  • All internal server-to-server communication is encrypted

Encryption

Key Management

  • Keys are rotated on a quarterly basis.
  • Data is re-encrypted on read/write access.
  • Keys are encrypted using AES-256.

Guiding Principle

  • Anything that can be encrypted will be encrypted

Data Availability

  • All database data is stored in AWS-managed databases. All data is stored in multiple data storage groups
  • Multiple node clusters, multiple cluster groups in different availability zones
  • Real-time replication between all cluster groups