Secuvy is the leading data protection platform empowering people and organizations to improve enterprise data resiliency and compliance. This security policy provides a high-level overview of the security practices we follow. For any questions or feedback, contact firstname.lastname@example.org
Consumers are becoming more and more demanding for transparency and control over their data and regulations get more complex around the world. Built on AWS, Secuvy provides unparalleled protection of confidential consumer data and perfectly prevents compliance policy violations. AWS is responsible for the security of the underlying cloud infrastructure, while Secuvy takes care of securing workloads deployed in AWS. With certifications from accreditation bodies across the globe such as ISO 27001, FedRAMP, and PCI DSS, AWS is considered as the safest computing environment.
Using the advanced Transport Layer Security (TLS) system, all data sent to or from our infrastructure is encrypted in transit.
Proper encryption and key management are critical factors in ensuring sensitive data is protected and your organization maintains compliance. Any customer data that is cataloged and identified by Secuvy platform as personal data is subjected to a one-way, irreversible hash and stored in the virtual database instance of the customer. At no point, such cataloged personal data is captured in clear-text in logs or databases. Using the best practice encryption algorithms in the database, all sensitive configuration data (e.g. passwords, database or SaaS credentials) is encrypted.
Secuvy retains users’ data for a period of 7 days after a trial ends or after a deletion request is received. All data is then completely removed from the dashboard and server. By contacting Secuvy’s support desk, customers can request the removal of their account.
In order to provide a quick recovery in case of disaster, we back up all our critical assets on a regular basis. All our backups are encrypted. All critical assets are configured with redundancy and thus provide high availability.
At Secuvy, we have taken optimum care to safeguard our cloud platform from various types of vulnerabilities and security threats thus making it a trusted platform for all our customers. We give top priority to data security and protection. If you are a security researcher and you've found a security issue in Secuvy platform including the cloud application and infrastructure, we encourage you to notify us in a responsible manner. We are always ready to recognize the efforts of vulnerability hunters by rewarding them with a token of appreciation, provided the reported security issue is of high severity and not known to us.
Like other cloud services, access to the Secuvy platform requires a login ID and password or integration with a Single-Sign-On (SSO) provider. At the time of subscribing to Secuvy platform, it is the sole responsibility of the customer to manage which end users should be given access and when the access should be taken away. Only valid account credentials should be used by authorized users to access the Secuvy platform.
Advanced role-based access control (RBAC) is offered on all our customer accounts and allows our users to define roles and permissions. With RBAC, security is managed at a level that corresponds closely to the organization's structure.
The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents. The law forces companies to provide more information to consumers about what’s being done with their data and gives them more control over the sharing of their data. We’re compliant to the California Consumer Privacy Act (CCPA).
GDPR stands for General Data Protection Regulation. It's the core of Europe's digital privacy legislation. GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. We’re compliant to the General Data Protection Regulation (GDPR).
At Secuvy, we follow a tight internal security strategy that prevents unauthorized intrusion to our customer data by any employee. Only a section of authorized Secuvy’s employees has access to customer data as needed to support the platform. Access to systems containing customer data is reviewed, monitored and changed on a regular basis. Our employees sign a Non-Disclosure and Confidentiality Agreement to protect our customers sensitive information.