Built securely by us, for your security

SECURITY PRACTICE

Security of your data is at the heart of our values and engineering. We use our own product every day to monitor our security and compliance posture.

World-class security measures

  • Application

    Our application is compliant with SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.

  • Vulnerability scanning

    We regularly check for and apply patches to third-party software and services. As and when vulnerabilities are discovered, we apply the fixes within pre-defined SLAs.

  • Application access

    All access is protected by a role-based access-control (RBAC) system, which only lets users view data for which they have permission. It’s impossible for users to view data other than their own.

  • Secure infrastructure

    Our computing infrastructure is built by expert engineers and is accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.

  • Data encryption

    All data is encrypted at rest with AES. All user passwords are securely hashed; passwords are never stored in plain text.

  • Encryption in transit

    Communication between clients and our servers is encrypted with 128-bit SSL/TLS encryption. We use industry-standard encryption for data travelling to and from the application servers.

  • Penetration testing

    We conduct periodic pen tests to validate our security posture and uncover vulnerabilities, using the services of an independent, qualified VAPT service.

  • Security training

    Our team undergo security training, specifically designed for our infra and apps. It covers industry best practice around typical human-based attack vectors involving phishing, passwords and attachments.

  • Access controls

    All access to our infra requires MFA, and is restricted to authorized personnel. We limit access to client data to support and troubleshooting purposes only.

Disclosure

We’re committed to making our system secure. If you find a security issue, please report it to us. We will make sure the issue is fixed and updated.