Customer data is stored in a secure Virtual Private Cloud (VPC) hosted in Amazon Web Services. VPC is further segmented for security and manageability.
Users are restricted to accessing only the required information and systems that are necessary to perform their job. This effectively enforces segregation of duties.
Data in transit and Data in rest are both encrypted. Communication is encrypted using TLS 1.2 for secured transmission.
Our platform is hosted in data centers that comply with most of the global IT standards. Some of those are CSA, ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3. All access to the data centers are tightly controlled and monitored 24 hours per day. Access to our office is restricted to authorized users only. The facility is monitored 24 X 7.
All the changes in the product are put through a code review and security analysis process and tested by the Quality Team before the changes are released, ensuring the product quality and security.
We follow an agile process for development. Each and every feature is well defined and given appropriate priority for the development. Security requirements are given the highest priority and are fixed as soon as possible.
We use cloud version control systems to manage our source code. Product versions are tagged and maintained in the access restricted branches.
Production access is restricted to a very few people based on their roles and responsibilities. Access controls are defined and executed for each and every role based on a need-to-know basis.
All our components are replicated in multiples across different availability zones. All our components are in real-time active-active mode and serving the traffic.
Data is replicated in n+1 and the replications are in act ive-active mode. We also take automated backup every day.
We have an on-demand capacity expansion where limits are set liberally. We also proactively monitor and upgrade our thresholds. On-demand capacity expansion is in near real-time as provided by our hosting partner.
Tools are in place to proactively monitor the health and security of our systems. Our monitoring tools notify our infra and security teams to act upon them, if there is an anomaly in the system.