Security

Keeping your data secure is our top priority. Here are the details about how we keep your data safe on Teamplify.

Hosted in AWS Europe

Teamplify is hosted in Amazon Web Services (AWS), region eu-north-1 (Stockholm). AWS is a world-leading cloud provider. Amazon data centers are among the best and most secure in the world. Its Compliance Programs include certifications with many IT standards, including ISO 27001, PCI DSS, SOC 1, SOC 2, SOC 3, FedRAMP, FIPS, HIPAA, NIST, and others.

Data encryption in transit and at rest

All data to and from Teamplify is transferred through encrypted channels. On the Teamplify website, we use TLS with a strong configuration, rated A+ by the Qualys SSL Test.

Our production database, backups, and file storage are encrypted using the AES-256 algorithm. We use AWS KMS for encryption key management.

Secure development lifecycle

Security is deeply ingrained into every aspect of our software development, which we routinely harden through training, established procedure, and automation. All our engineers take part in ongoing security training. When we do code reviews, security is the top priority of the review process. Of course, we also follow all the relevant OWASP recommendations.

Besides that, we use CI/CD and analyze our code with automated tools, including Static Application Security Testing (SAST) tools, linters, and automated tests. We automatically monitor our code dependencies for known vulnerabilities with GitHub Dependabot alerts and push the fixes immediately.

Secure configuration

Misconfiguration is arguably the main reason behind most data breaches. Because this is a very serious matter, we put a lot of effort into making sure that all our systems are properly and securely configured.

All changes to our production configuration are version controlled, logged, and performed only by authorized Teamplify engineers. Ubiquitous automation greatly reduces the risk of misconfiguration and makes it easier to review changes.

For the Teamplify web application, we use HSTS, a Content Security Policy (CSP) and other security headers, secure session cookies, and a number of other necessary settings and techniques to ensure safe website operation.