Data Protection
Encryption
- Data in Transit: All communications encrypted using industry-standard TLS/SSL protocols with regular certificate rotation.
- Data at Rest: Sensitive files encrypted using AES-256 encryption with secure key management and regular rotation.
Data Types Protected
- Employee Personal Information: Names, email addresses, phone numbers
- Employment Data: Organizational structure, reporting relationships
- Survey Responses: Employee feedback and assessment data
- Analytics: Aggregated insights and organizational reports
Operational Security
Infrastructure Security
- Enterprise-grade cloud hosting with high availability and redundancy
- Primary database is maintained on a private network, completely isolated from the public internet
- Firewall protection, network segmentation, and DDoS protection
- Intrusion detection/prevention with continuous network monitoring at the developer level
- Disaster recovery capabilities
Our Infrastructure Vendors
Provider | Description |
AWS | Cloud-Services provider, used for data & object storage and cloud computation |
ControlPlane | Cloud-Services provider, used for application hosting |
Sentry | Data and Analytics platform, used for monitoring, alerting, and debugging |
PostHog | Data and Analytics platform, used for user analytics |
Twilio | Notifications Service, used for email and SMS messaging |
Cloudflare | Cloud-Services provider, used for data & object storage and cloud computation |
Security Monitoring
- Real-time security event monitoring with 24/7 operations
- Automated threat detection and anomaly alerting
- Tracking of authentication failures, unauthorized access attempts, and data-access anomalies
Backup & Recovery
- Regular automated backups with encrypted storage (daily backups with 30-day retention)
- Documented recovery procedures (sub-hour system recovery)
Security Controls Summary
Security Area | Controls Implemented |
Authentication | Passwordless auth, OAuth 2.0, SSO, session management |
Authorization | 5-tier RBAC, organization isolation, least privilege |
Data Protection | Encryption in transit/at rest, secure key management |
Application Security | Input validation, injection prevention, secure coding |
Infrastructure | Network security, access controls, monitoring |
Compliance | Security policies, privacy compliance |
