Security
Security is our top priority. This is an outline of the security practices and measures we use to protect client data. Please contact us if you have any questions.Software Security
Our software development process includes automated security testing and dependency vulnerability checks.Individual services within the larger software are configured with the minimal permissions needed for each service to function.All infrastructure is managed using Terraform, which ensures that changes to access controls on the infrastructure are version controlled and auditable.Secure Cloud Providers
Client data is stored in a combination of Google Cloud and Amazon Web Services. We follow the shared responsibility model of our providers and regularly review their security settings and permissions.Data Encryption
All client data is stored with encryption at rest through the underlying providers we use, both for database storage and file storage. All data is encrypted in transit using TLS or (within Google Cloud) ALTS.Backups
Databases containing client data are backed up for 30 days with "point in time restore" capability. Secondary snapshot backups are created daily.File storage for client data uses dual-region storage for availability, with 30 days of object versioning for modifications and deletions.Multi-factor Authentication
Multi-factor authentication is required on all internal user accounts and all administrative accounts.