Safeguarding Data: How We Make Security Our Top Priority
Section Title
This is a Paragraph. Click on "Edit Text" or double click on the text box to start editing the content and make sure to add any relevant details or information that you want to share with your visitors.
Discover how we keep data and documents secure with state-of-the-art security practices.
Infrastructure
Our networking infrastructure, including routers, load balancers, and DNS servers, operates in the cloud. All communications are encrypted end-to-end via HTTPS. We restrict access to our network by using a VPN with network access control lists (ACL) and IP whitelisting.
We monitor and control inbound and outbound network traffic with firewalls and IP whitelisting. We use an industry-leading solution to mitigate the risk of Distributed Denial of Service (DDoS) attacks. We also employ tools to monitor platform performance and log errors in our service, and we maintain separate environments for testing and production.
Data Management
Depending on your account settings, your documents are hosted in Europe (London) or North America. We ensure all data transmitted to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS 1.2). All user data is also encrypted at rest with AES 256-bit encryption algorithm.
People
We mandate that all employees and developers sign a confidentiality agreement and adhere to our cybersecurity policy. We conduct criminal and background checks on all staff. Our cybersecurity policy undergoes a review every quarter, with regular training provided to our team on security best practices.
We implement a device management policy that enforces password strength and rotation, lock screens when away from desks, disk encryption, and remote locking capabilities. Additionally, our team must report actual or suspected IT security incidents promptly.
Application Security
Our solution follows OWASP security best practices. We tightly control access to our source code and restrict access to production data only to authorized staff members, protecting it with two-factor authentication (2FA), VPN access, and IP whitelisting.
Our team systematically reviews our code for security vulnerabilities and diligently monitors and updates dependencies to avoid known vulnerabilities.
GDPR Compliance
The General Data Protection Regulation (GDPR) has been in effect in the EU since 2018, aiming to protect user data for Internet services. We are committed to full compliance with GDPR. You can find more information about our actions to ensure compliance in a dedicated GDPR section.
Payment Information
We do not store payment information except for non-sensitive details that may be used by customer support (e.g., the last four digits of a credit card). We use Stripe for all payment-related processes, as it is certified PCI Level 1 and securely safeguards payment information on our behalf.
Conclusion
Data security and privacy are paramount to us, and we continually strive to enhance our measures to protect your information. If you have any questions or concerns, please don't hesitate to contact our support team.