6.1 Infrastructure Security
Our backend is hosted on AWS/GCP (SOC 2 and ISO 27001 certified). It is protected by web application firewalls (WAFs), DDoS protection, and private networks that are not reachable directly from the internet.
6.2 Application Security
We follow a Secure Development Lifecycle (SDLC). Code is scanned with static analysis (SAST), running services are scanned with dynamic analysis (DAST), and all changes are peer reviewed before merge. Keys and secrets are managed via a key management service (KMS) rather than stored in source code or configuration.
6.3 Data Encryption
- At Rest: AES-256 encryption.
- In Transit: TLS 1.3 encryption.
- Backups: Encrypted and geo-redundant.
6.4 Access Control
We use multi-factor authentication (MFA), Role-Based Access Control (RBAC), and the principle of least privilege. Employee access to production systems is logged and audited.
6.5 Incident Response
We have a defined incident response process (Detection, Triage, Containment, Eradication, Recovery). Response to critical incidents begins within 15 minutes of detection.
6.6 Vulnerability Management
We perform continuous dependency scanning and annual third-party penetration tests. Patches for critical-severity vulnerabilities are applied within 24 hours of release.