Security At Personified
Security is Important at Personified
Security is a top priority at Personified. On this page, you'll find comprehensive information about the security of your data and our commitment to ensuring the safety and privacy of your information. We've also included details about our general security practices, as well as how you can reach out to our security team if you have any further questions that aren't answered here. Rest assured, your data is in good hands with Personified.
Personified takes the security of your data seriously. Our platform features robust controls to ensure the safety of your information:
- Your data is always secure during transmission, with the use of TLS encryption. And when stored, it is encrypted at rest within Personified's storage tiers.
- Your data is logically separated from others, and access to it is protected by strong authentication and authorization measures.
- At Personified, we conduct regular audits and architecture reviews throughout the development process, including thorough code reviews.
- Our platform is constantly monitored for potential threats, ensuring the safety of your data.
- Our technology is designed for reliability and seamless operation, with redundant systems and no single points of failure. This allows us to maintain and update our platform with minimal downtime, keeping your data safe and secure at all times.
Key Security Features
Authentication with Personified
At Personified, we prioritize the security of our customers' data. To ensure this, we enforce a consistent password policy for all of our products. Customers accessing non-public data must authenticate via our user interface, which is always encrypted with the latest HTTPS encryption technology for added security. Our HTTPS implementation uses industry-standard algorithms and certificates to guarantee the safety of your information. Passwords are stored using established technical approaches and security policies that meet industry standards. And rest assured, all stored data is encrypted at all times.
Authorization in Personified
Customer data is securely stored in multi-tenant systems that can only be accessed through our application user interfaces and APIs. Direct access to our infrastructure is not permitted. The authorization model in each of our products is designed to provide only authorized individuals with access to the relevant features, views, and configurations. Authorization to data sets is accomplished by verifying the user's permissions against the attributes associated with each data set. At Personified, we take the security of your data seriously and strive to provide a safe and secure experience for all of our customers.
Unreleased - Application Programming Interface (API) access
Public product APIs may be accessed using an API key or through other secure access methods.
Unreleased - Role-based access control
Personified allows you to assign role-specific access and permission to user entities in Personified products.
Data encryption
We use strong encryption standards to protect your data, both when it’s in transit and within the Personified network, as well as when it is at rest within the Personified cloud.
Logs
System monitoring and key activities related to billing, security, access and account management are securely logged.
Infrastructure Security
At Personified, we understand how important your data is to you. That's why we take every measure to ensure that it's stored securely and in compliance with all relevant regulations. We work only with the most trusted cloud vendors who share our commitment to data security and privacy. So you can rest easy knowing that your data is in safe hands with us. Trust us to keep your digital hardware secure, so you can focus on what really matters - growing your business.
Our infrastructure runs on stable, regularly patched versions of operating system images with carefully configured security groups, isolated VPC environments with well-defined network segmentation, role-based access control, and advanced web application firewall protection.
Data Management
At Personified, we store all customer data securely in encrypted storage tiers. All customer data is encrypted at the server-side before and during storage. Optionally, client managed encryption keys will be supported. Data can be stored with at least dual redundancy and with regular backups.
We maintain all internal testing and validation data in a production-stack equivalent internal stack. Personified does not distribute actual customer data for internal testing or validation purposes.
Physical and Environmental Security
At Personified, we rely on the powerful infrastructure of Backendless to deliver a seamless and reliable service. We have implemented an internal security program to cover physical security at our offices, ensuring the safety and security of your data.
Software Security
Our security team sets architectural guidelines, conducts code reviews, and reviews deployment of software systems that can interface with customer data. Our developers are trained with specific attention toward security. Our code review processes look for any code that could potentially violate security policies.
Our security team sets strict architectural guidelines, conducts thorough code reviews, and closely monitors the deployment of all software systems that can interface with customer data. Our developers are trained to prioritise security at every stage of development, and our rigorous code review processes are designed to detect any potential violations of our security policies.
Payment Processing
We process all payments using Stripe, which has been certified as a PCI Level 1 Service Provider.
Outsourced Processing
Personified hosts our service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements and privacy policies in order to protect data processed or stored by these vendors.
Penetration Testing
In addition to our regular security reviews, we partner with trusted third-party security companies to perform annual penetration tests across our product ecosystem.
Preventing Unauthorised Product Use
We implement industry standard access controls and detection capabilities for the internal networks that support Personified products.
Here are some of the ways we ensure the protection of your data:
- Access controls: We implement network access control mechanisms to prevent unauthorised network traffic from reaching our product infrastructure.
- Intrusion detection and prevention: We use a Web Application Firewall (WAF) to identify and prevent attacks against our publicly available network services.
- Logs: We log activity across our platform, and our logs are monitored, analyzed, and stored in encrypted storage to prevent tampering or interruptions.
- Background checks: All employees undergo a third-party background check prior to employment and are required to conduct themselves in a manner consistent with our company guidelines and ethical standards.
- Product access: Only a subset of our employees have access to our products and stored data via controlled interfaces. Access is granted by role and is reviewed regularly to ensure data security. The intent of providing access to a subset of employees is to provide effective customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security.
Incident Detection
Personified designed our infrastructure to log extensive information about system behaviour, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. Our personnel, including security, operations, and support personnel, are responsive to known incidents.
Incident Response
We have policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues. Our stated processes include:
- Promptly respond to alerts of potential incidents
- Determine the severity of the incident
- Analyze and assess the extent of the incident
- If necessary, execute mitigation and containment measures
- Communicate with relevant internal and external stakeholders, including notifying affected customers to comply with relevant laws and regulations and to meet contractual obligations around breach or incident notifications
- Gather and preserve evidence for investigative efforts
- Conduct and document a postmortem and develop a permanent triage plan
- The incident response policies and processes are actively reviewed as part of our ongoing efforts to comply with SOC 2 and other security assessments.
General Security Questions
If you have general security questions or concerns, please email us at security@personified.me