Keeping your data secure is our top priority. This page shares the details about what we do to keep your data safe on Teamplify.
Teamplify is hosted in Amazon Web Services (AWS) , a world-leading cloud provider. Amazon data centers are among the best and most secure in the world. Its Compliance Programs include certifications with many IT standards, including ISO 27001, PCI DSS, SOC 1, SOC 2, SOC 3, FedRAMP, FIPS, HIPAA, NIST, and others.
All data transfers to and from Teamplify are performed via encrypted channels. On the Teamplify website, we use TLS with a strong configuration, rated A+ by the Qualys SSL Test .
Our production database, backups, and file storage are encrypted using the AES-256 algorithm. We use AWS KMS for encryption key management.
We rely on training, established processes, and automation to deeply ingrain security into every aspect of our software development. All our engineers take part in ongoing security training. We do code reviews, and security is our top priority in the code review process. Of course, we follow all the relevant OWASP recommendations.
Besides that, we use CI/CD and analyze our code with automated tools, including Static Application Security Testing (SAST) tools, linters, and automated tests. We automatically monitor our code dependencies for known vulnerabilities with GitHub Dependabot alerts and push the fixes immediately.
Misconfiguration is arguably the main reason behind most data breaches. This is a very serious matter, so we put a lot of effort into making sure that all our systems are properly and securely configured.
All changes to our production configuration are version controlled, logged, and performed only by authorized Teamplify engineers. Ubiquitous automation greatly reduces the risk of misconfiguration and makes change reviews easier.
For the Teamplify web application, we use HSTS, a Content Security Policy (CSP) and other security headers, secure session cookies, and a number of other necessary settings and techniques to ensure safe website operation.