Security Statement
Our commitment to protecting your data with industry-leading security practices.
Security is in Our DNA
As a security awareness platform, we hold ourselves to the highest standards. We practice what we preach — security is embedded in every aspect of our operations, from code development to data handling.
How We Protect Your Data
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database backups are encrypted and stored in geographically separate locations.
Access Control
Role-based access control (RBAC) ensures users can access only the data relevant to their role. Multi-factor authentication (MFA) is enforced for all administrative accounts.
Continuous Monitoring
24/7 security monitoring with intrusion detection systems (IDS), log analysis, and automated alerting for suspicious activities across our infrastructure.
Vulnerability Management
Regular vulnerability scanning, penetration testing by third-party security firms, and a responsible disclosure program for security researchers.
Incident Response
Documented incident response procedures with defined escalation paths, communication protocols, and post-incident review processes.
Backup & Recovery
Automated daily backups with point-in-time recovery capability. Regular disaster recovery testing ensures business continuity.
Certifications & Standards
We maintain compliance with leading security frameworks and undergo regular third-party audits to validate our controls.
SOC 2 Type II
Annual audit of security, availability, and confidentiality controls
GDPR Compliant
Full compliance with EU General Data Protection Regulation
ISO 27001
Information security management system certification
HIPAA Ready
Controls and BAA available for healthcare organizations
Secure by Design
Cloud Infrastructure
Our platform is hosted on enterprise-grade cloud infrastructure with redundant systems, automatic failover, and geographic distribution to ensure high availability and data resilience.
Network Security
Multi-layered network security including Web Application Firewalls (WAF), DDoS protection, network segmentation, and regular penetration testing by certified third-party security firms.
Secure Development Lifecycle
All code undergoes peer review, static analysis, and automated security testing before deployment. We follow OWASP guidelines and maintain a security-first development culture.
Found a security vulnerability? We appreciate responsible disclosure.
Report a Vulnerability