Keeping your data secure is our top priority. This page shares the details about what we do to keep your data safe on Teamplify.

Hosted in AWS Europe

Teamplify is hosted in Amazon Web Services (AWS), region eu-north-1 (Stockholm). AWS is a world-leading cloud provider. Amazon data centers are among the best and most secure in the world. Its Compliance Programs include certifications with many IT standards, including ISO 27001, PCI DSS, SOC 1, SOC 2, SOC 3, FedRAMP, FIPS, HIPAA, NIST, and others.

Data encryption in transit and rest

All data transfers to and from Teamplify are performed via encrypted channels. On the Teamplify website, we use TLS with a strong configuration, rated A+ by the Qualys SSL Test .

Our production database, backups, and file storage are encrypted using the AES-256 algorithm. We use AWS KMS for encryption key management.

Secure development lifecycle

We rely on training, established processes, and automation to deeply ingrain security into every aspect of our software development. All our engineers take part in ongoing security training. We do code reviews, and security is our top priority in the code review process. Of course, we follow all the relevant OWASP recommendations.

Besides that, we use CI/CD and analyze our code with automated tools, including Static Application Security Testing (SAST) tools, linters, and automated tests. We automatically monitor our code dependencies for known vulnerabilities with GitHub Dependabot alerts and push the fixes immediately.

Secure configuration

Misconfiguration is arguably the main reason behind most data breaches. This is a very serious matter, so we put a lot of effort into making sure that all our systems are properly and securely configured.

All changes to our production configuration are version controlled, logged, and performed only by authorized Teamplify engineers. Ubiquitous automation greatly reduces the risk of misconfiguration and makes change reviews easier.

For the Teamplify web application, we use HSTS, a Content Security Policy (CSP) and other security headers, secure session cookies, and a number of other necessary settings and techniques to ensure safe website operation.