Below is an overview of our security, privacy, and compliance program.
Security
Infrastructure Security
Multi-layered security architecture across cloud and application environments.
Continuous monitoring of workloads, configurations, and security posture via a CSPM-driven approach.
Enforced encryption for all data at rest and in transit (TLS 1.2+).
Identity & Access Management (IAM)
Zero-Trust–aligned identity governance model.
Multi-factor authentication for all internal users.
Centralized lifecycle management for employee access, onboarding, and offboarding.
Principle of least privilege applied across all systems.
Application & Network Security
Web Application Firewall (WAF) protection against common attack vectors.
Real-time detection of malicious and automated traffic.
Secure SDLC practices with privacy and security built into feature design.
Annual independent penetration testing to validate application security and proactively identify potential vulnerabilities.
Endpoint & Identity Threat Detection
Endpoint protection leveraging behavioral detection (EDR).
Identity Threat Detection capabilities to monitor anomalies and unauthorized activity.
Privacy
Privacy by Design
Privacy embedded into product development, architecture, and decision-making.
Data minimization and purpose-based processing across all systems.
Support for data subject rights under GDPR (access, deletion, rectification).
Data Protection
All sensitive data encrypted at rest and in transit.
Strict access controls with continuous auditing.
Secure, segregated environments for sensitive workloads.
Data Resilience
Automated daily backups of core databases.
Encrypted backup storage in isolated environments.
Regular integrity checks ensure recoverability.
Compliance Aspects
Regulatory Alignment
Our frameworks, controls, and internal policies align with major global standards and regulations, including:
SOC 2 – Security, Availability, and Confidentiality controls.
HIPAA – Protection of PHI, access governance, and integrity safeguards.
GDPR – Transparency, lawful processing, and user privacy rights.
Security Governance
Documented policies and procedures covering security, privacy, access control, data protection, and incident response.
Regular reviews, updates, and training cycles.
Audits & Assessments
Periodic internal assessments and external audits.
Continuous risk management program with prioritized mitigation.
Vendor and partner audits aligned with TPRM practices.
Third-Party Risk Management (TPRM)
Our TPRM process ensures that all third-party partners meet the same standards we apply internally:
Risk-based vendor classification (data access, criticality, regulatory impact).
Security & privacy questionnaires aligned with SOC 2, HIPAA, and GDPR.
Verification of technical and organizational controls before onboarding.
Ongoing review of SLAs, certifications, and security updates.
Security Awareness
Continuous security awareness training for all teams.
Realistic phishing simulations to strengthen detection and response.
Clear internal communication channels for reporting and guidance.
A culture that views security as a shared responsibility.
Continuous Monitoring & Operations
Centralized dashboards for real-time detection of anomalies and misconfigurations.
Continuous monitoring of cloud resources, identities, endpoints, networks, and SaaS applications.
Structured incident response: detection → containment → eradication → recovery → lessons learned.
Regular posture evaluations and security KPIs.
Contact Us
We are committed to transparency and are happy to provide additional information.
Security Team: [email protected]
