Information Security Policy

Overview

Keeping our customers' data protected at all times is our highest priority. This page provides a high-level overview of the security practices put in place to achieve that objective.

Have questions or feedback? Feel free to reach out to us at infosec@madstreetden.com

Dedicated Security Team

Our dedicated Information Security team reviews the processes established for Information and Data Security periodically. It also audits adherence to processes by different departments. The Information Security team establishes and propagates the best practices of Information Security throughout the organization.

Infrastructure

All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers.

Our service is built on Amazon Web Services, which is certified against several standards, such as ISO 27001, SOC 2 and SOC 3. A full list of compliant standards can be found here. AWS provides strong security measures to protect our infrastructure. You can read more about their practices here.

Network level security monitoring and protection

All the resources inside the datacenter are secured using a Virtual Private Cloud (VPC). Firewalls are configured to allow traffic only to required endpoints. The entire VPC is monitored by a Learning Intrusion Detection System (IDS), which analyses the network flow logs of the VPC and raises alarms on any detected suspicious activity.

Data encryption

All the product services are delivered over encrypted SSL communication using TLS 1.0, TLS 1.1 and TLS 1.2. Secret keys and other confidential information are secured using a centralized Secrets Manager. The files stored in the cloud storage are encrypted with server-side encryption using AES-256. The data stored in the databases is encrypted using block-level encryption.

Business continuity and disaster recovery

We back up all our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.

User protection

  • Role-based access control

Role-based access control (RBAC) is offered on all our accounts and allows our users to define roles and permissions.

Employee access

Our strict internal procedure prevents any employee or administrator from gaining access to user data. Limited exceptions can be made for customer support.

All our employees sign a Non-Disclosure and Confidentiality Agreement when joining the company to protect our customers' sensitive information.