Security
At Secberus, we prioritize security and are dedicated to safeguarding the privacy and safety of our users and their data. If you identify a security vulnerability in our system, please report it promptly by emailing our security team at [email protected] with detailed information about the vulnerability and any supporting evidence. We will strive to respond swiftly and keep you updated throughout the resolution process.
Compliance
Secberus has completed a SOC 2 Type II audit and holds the resulting report.
SOC 2 is part of the American Institute of CPAs (AICPA) System and Organization Controls (SOC) reporting framework. A Type II report is an independent auditor's attestation that controls relevant to the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy) were designed suitably and operated effectively over the audit period, not a certificate issued by the AICPA.
We conduct regular security reviews for both architecture and critical code. The production environment is isolated from development, testing, and staging environments. Customer data is strictly confined to the production environment. All changes to application code must be reviewed and approved by at least one person.
Infrastructure
Our production infrastructure incorporates redundancy measures such as failover systems, content delivery networks, load balancing, and standby replicas to minimize downtime and keep service running through component failures. We maintain a Business Continuity Plan and a Disaster Recovery Plan, both reviewed annually to confirm our readiness for unforeseen events and to limit business disruption. We also use a third-party service to monitor performance and system health so that issues are detected and addressed promptly.
Application & Data
Our web application architecture and API implementation follow OWASP guidelines. Each application action is gated by a distinct permission, evaluated in the context of the requesting user and their role. We support Single Sign-On (SSO) with automatic provisioning of new SSO users and Role-Based Access Control (RBAC). Secrets and API tokens are encrypted at rest. We conduct an annual risk assessment and maintain an incident response plan for triaging and resolving incidents, followed by post-incident reviews.
All data in transit is encrypted with TLS (HTTPS), and HSTS instructs browsers to refuse plaintext connections to our domains. Data is hosted on AWS, with fully encrypted database backups taken nightly. System access is granted on a need-to-know basis and follows the principle of least privilege. Access to the production AWS environment is restricted to a small group of key employees, brokered through a secure identity provider (IdP), and protected by two-factor authentication. Customer data is deleted from Secberus after contract termination in accordance with the Terms of Service and Privacy Policy.
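HSTS only protects users if the header is actually present and carries a long enough max-age and the includeSubDomains directive; a header of max-age=0 silently switches it off. The following is an added example, not Secberus code, showing how a practitioner can audit a Strict-Transport-Security header value against those requirements. The sample header values and the minimum age are constructed here for illustration; the one-year floor matches what the browser preload list requires.

```python
"""Audit a Strict-Transport-Security (HSTS) header value.

Added example for this page; not Secberus code. The sample headers below
are constructed and not captured from any real host.
"""
import re

ONE_YEAR = 31536000  # seconds; minimum max-age required for preload


def parse_hsts(header):
    """Parse an HSTS header value into a dict of lower-cased directives.

    Per RFC 6797, directives are ';'-separated, names are case-insensitive,
    duplicate directives are invalid, and max-age (an integer, optionally
    quoted) is mandatory. Returns None if the header is missing or invalid.
    """
    if not header:
        return None
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in directives:
            return None  # duplicate directive: header is malformed
        directives[name] = value
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        return None
    directives["max-age"] = int(max_age)
    return directives


def hsts_findings(header, require_preload=False):
    """Return a list of policy findings; an empty list means acceptable."""
    d = parse_hsts(header)
    if d is None:
        return ["HSTS header missing or malformed"]
    findings = []
    if d["max-age"] == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif d["max-age"] < ONE_YEAR:
        findings.append(f"max-age {d['max-age']} is below one year ({ONE_YEAR})")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains stay downgradable")
    if require_preload and "preload" not in d:
        findings.append("preload directive missing")
    return findings


# Constructed sample header values (hypothetical, for illustration only).
SAMPLES = {
    "good": "max-age=63072000; includeSubDomains; preload",
    "short": "max-age=300",
    "disabled": "max-age=0",
    "missing": None,
    "duplicate": "max-age=31536000; max-age=1",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        result = hsts_findings(value, require_preload=True) or ["ok"]
        print(f"{label:10} {value!r}: {'; '.join(result)}")
```

In a real audit the header value comes from the HTTPS response of the host under test (the header is only honoured when received over TLS), and the same check should be run against every hostname that serves the application, since HSTS is scoped per host unless includeSubDomains is set on the parent domain.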
Employee Security Measures
At Secberus, every employee shares responsibility for the security of customer data and company assets. Where permitted by law, we conduct background screenings on all personnel before they join the organization. All Secberus employees also complete regular security and privacy awareness training, so that security practices are built into both technical and non-technical roles.
Employee workstations are remotely managed with a secure MDM solution to reduce security risks and ensure that all software is up-to-date and properly configured. Disk encryption technology is implemented on all workstations to add an extra layer of protection for sensitive data, and remote wipe capability is available to erase data from lost or stolen devices.