Nothing is more important to us than your security. Sensitive data deserves world-class monitoring, strict access controls and high-level encryption.
We are a certified ISO 27001 company, demonstrating to regulatory authorities and other interested parties that we take security of information we hold seriously and, having identified risks, we do as much as is reasonably possible to address them.
Our ISMS framework helps to reduce the likelihood of breaches, and the controls we have in place reduce the potential impacts of these security risks which is fundamental to our partners. This internationally recognised ‘best-practice’ standard allows our clients to feel safe and secure, and reassures partners that we look after their valuable assets and information security.
All traffic between our APIs and client-facing applications is encrypted and served over HTTPS (enforced with HSTS) using the strongest TLS security policies. We also submit all of our applications to external penetration testing.
We deploy group-based and role-based access control policies for data access on both the infrastructure and application level. We also keep a full audit log of administrative and user access.
All sensitive data in our applications is encrypted at rest using AES-256 Ciphers. We only keep sensitive data on privately accessible servers, never public.
Our applications are monitored and alerts are automatically triggered if something looks out of the ordinary. This tells us if there's a problem, so you don't have to.
Each of our applications is deployed within the AWS Cloud and is isolated on its own resources - within its own account and inside its own VPC. Sensitive resources, such as databases, are only able to communicate through private connections and are not available for access on the outside internet.