Security Practices

Data Protection & Encryption

• All data is encrypted in transit using TLS (HTTPS).
• Data stored within our systems is encrypted at rest using cloud-managed encryption.
• Sensitive credentials and secrets are securely stored and access-restricted.

Infrastructure Security

• Our infrastructure is hosted on Google Cloud Platform (GCP).
• Production and development environments are fully separated.
• Network-level protections and firewall rules are used to limit access.
• System activity and logs are monitored to detect abnormal behavior.

Access Control

• Access to internal systems is granted based on the principle of least privilege.
• Multi-Factor Authentication (MFA) is enforced for team access to critical systems.
• Access rights are reviewed periodically and revoked when no longer required.

Secure Development Practices

• Source code is managed using version control systems.
• Changes to production systems follow defined deployment processes.
• Production, staging, and development environments are isolated to reduce risk.
• Security considerations are incorporated into the development lifecycle.

Incident Response

• We maintain an internal incident response process to address potential security events.
• Security incidents are investigated, documented, and remediated in a timely manner.
• Customers are notified when required by applicable laws or contractual obligations.

Compliance & Privacy

• We process personal data in accordance with applicable data protection laws, including GDPR.
• Our organization is actively working toward SOC 2 compliance.
• Internal security and privacy policies govern how data is handled and protected.

Contact

For security-related questions or to report a potential vulnerability, please contact us at: