Security
Protecting your business data is fundamental to everything we do. Here's how we keep your information secure.
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your data is protected at every stage.
Infrastructure
Hosted on SOC 2 Type II certified cloud infrastructure with redundant systems, automated backups, and multi-region availability.
Access Control
Role-based access controls, multi-factor authentication, and audit logging ensure only authorized users access your data.
Business Continuity
Daily automated backups with point-in-time recovery. Disaster recovery procedures tested regularly to ensure data availability.
Data Protection
Encryption Standards
- In Transit: All communications use TLS 1.3 encryption. We enforce HTTPS on all endpoints and use HSTS headers.
- At Rest: All stored data is encrypted using AES-256 encryption. Database backups are also encrypted.
- Key Management: Encryption keys are managed through secure key management services with automatic rotation.
Data Isolation
Customer data is logically isolated at the application and database levels. Each customer's data is segregated and cannot be accessed by other customers.
Application Security
Secure Development
- Security-focused code reviews for all changes
- Automated security scanning in our CI/CD pipeline
- Regular dependency updates and vulnerability patching
- OWASP Top 10 security guidelines followed in development
Authentication & Authorization
- Strong password requirements, with passwords stored only as bcrypt hashes
- Multi-factor authentication (MFA) available for all accounts
- Session management using cookies with the Secure and HttpOnly flags set
- Role-based access control (RBAC) for granular permissions
- API authentication via secure tokens with configurable expiration times
Infrastructure Security
Cloud Infrastructure
Our services are hosted on enterprise-grade cloud infrastructure that maintains SOC 2 Type II, ISO 27001, and other industry certifications. We leverage cloud-native security features including:
- Virtual private cloud (VPC) network isolation
- Web application firewall (WAF) protection
- DDoS mitigation
- Intrusion detection and prevention systems
Monitoring & Logging
- 24/7 infrastructure monitoring and alerting
- Comprehensive audit logging of system and user activities
- Log retention and analysis for security investigations
- Anomaly detection for unusual access patterns
Operational Security
Employee Access
- Principle of least privilege for all employee access
- Background checks for employees with data access
- Security awareness training for all team members
- Access reviews conducted regularly
Incident Response
We maintain a documented incident response plan that includes:
- Clear escalation procedures and response team responsibilities
- Communication protocols for affected customers
- Post-incident analysis and remediation processes
- Regular tabletop exercises to test response procedures
Backup & Recovery
- Automated Backups: Daily automated backups of all customer data
- Point-in-Time Recovery: Ability to restore data to any point within the retention period
- Geographic Redundancy: Backups stored in geographically separate locations
- Recovery Testing: Regular testing of backup restoration procedures
Compliance
We design our security practices to meet or exceed industry standards and regulatory requirements applicable to our customers, including:
- CCPA (California Consumer Privacy Act) compliance
- PCI DSS compliance for payment data handling (via certified payment processors)
- Standard Contractual Clauses for international data transfers
Vulnerability Disclosure
We take security vulnerabilities seriously. If you discover a potential security issue, please
- Acknowledging receipt within 24 hours
- Providing regular updates on our investigation
- Working to remediate confirmed vulnerabilities promptly
- Not pursuing legal action against good-faith security researchers
Contact
For security-related questions or to report a concern:
Theia North Security Team
Email: