Overview

Secuvy is the leading data protection platform empowering people and organizations to improve enterprise data resiliency and compliance. This security policy provides a high-level overview of the security practices we follow. For any questions or feedback, contact info@secuvy.com.

Secuvy Platform

Consumers increasingly demand transparency and control over their data, and regulations are growing more complex around the world. Built on AWS, Secuvy provides unparalleled protection of confidential consumer data and perfectly prevents compliance policy violations. AWS is responsible for the security of the underlying cloud infrastructure, while Secuvy takes care of securing workloads deployed in AWS. With certifications from accreditation bodies across the globe such as ISO 27001, FedRAMP, and PCI DSS, AWS is considered the safest computing environment.

Encryption

Encryption in Transit

All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS).

Encryption at Rest

Proper encryption and key management are critical factors in ensuring sensitive data is protected and your organization maintains compliance. Any customer data that is cataloged and identified by the Secuvy platform as personal data is subjected to a one-way, irreversible hash and stored in the virtual database instance of the customer. At no point is such cataloged personal data captured in clear text in logs or databases. All sensitive configuration data (e.g. passwords, database or SaaS credentials) is encrypted in the database using best-practice encryption algorithms.

Data Retention and Removal

Secuvy retains users’ data for a period of 7 days after a trial ends or after a deletion request is received. All data is then completely removed from the dashboard and server. By contacting Secuvy’s support desk, customers can request the removal of their account.

Application Security Monitoring

  • Our Application Security Monitoring provides a constantly updated risk assessment and blocks live attacks and data breaches in real time. We also make use of cutting-edge technologies to monitor exceptions and logs and to identify anomalies in our applications.
  • In order to supply an audit trail of our application’s activity, we collect and store logs.
  • Security events are logged and notifications are sent in case of critical attacks to allow for fast remediation.

Secure Development

  • Developers regularly take part in security training to keep themselves updated on the latest vulnerabilities and cyber threats.
  • We thoroughly review our code for security vulnerabilities.
  • Host and container images are scanned on a regular basis for known vulnerabilities, and dependencies are proactively updated.
  • In order to locate defective code, we use static code analysis.

Business Continuity and Disaster Recovery

In order to provide a quick recovery in case of disaster, we back up all our critical assets on a regular basis. All our backups are encrypted. All critical assets are configured with redundancy and thus provide high availability.

Responsible Disclosure

At Secuvy, we have taken optimum care to safeguard our cloud platform from various types of vulnerabilities and security threats, making it a trusted platform for all our customers. We give top priority to data security and protection. If you are a security researcher and you've found a security issue in the Secuvy platform, including the cloud application and infrastructure, we encourage you to notify us in a responsible manner. We are always ready to recognize the efforts of vulnerability hunters by rewarding them with a token of appreciation, provided the reported security issue is of high severity and not known to us.

Disclosure Policy

  • Let us know as soon as possible upon the discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Refrain from disclosing the vulnerability details to the public outside of this process without explicit permission.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.

The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

The list of accepted vulnerabilities:
  • Cross-Site Scripting (XSS)
  • Open redirect
  • Cross-site Request Forgery (CSRF)
  • Command/File/URL inclusion
  • Authentication issues
  • Code execution
  • Code or database injections

User Protection

Like other cloud services, access to the Secuvy platform requires a login ID and password or integration with a Single-Sign-On (SSO) provider. When subscribing to the Secuvy platform, it is the sole responsibility of the customer to manage which end users should be given access and when that access should be taken away. Only valid account credentials should be used by authorized users to access the Secuvy platform.

Role-Based Access Control

Advanced role-based access control (RBAC) is offered on all our customer accounts and allows our users to define roles and permissions. With RBAC, security is managed at a level that corresponds closely to the organization's structure.

Compliance

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents. The law forces companies to provide more information to consumers about what’s being done with their data and gives them more control over the sharing of their data. We’re compliant with the California Consumer Privacy Act (CCPA).

General Data Protection Regulation (GDPR)

GDPR stands for General Data Protection Regulation. It's the core of Europe's digital privacy legislation. GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. We’re compliant with the General Data Protection Regulation (GDPR).

Employee Access

At Secuvy, we follow a tight internal security strategy that prevents unauthorized access to our customer data by any employee. Only a subset of authorized Secuvy employees has access to customer data, as needed to support the platform. Access to systems containing customer data is reviewed, monitored and changed on a regular basis. Our employees sign a Non-Disclosure and Confidentiality Agreement to protect our customers' sensitive information.
