All of our customer's data at rest and in transit within our solution is encrypted. On top of that, we are dedicated to ensuring that all customer and employee personal data is in line with the EU’s General Data Protection Regulation (GDPR).
To uncover potential exposures, we regularly hire some of the best application security experts in the industry for third-party penetration testing. Our penetration testers assess the source code, the running application, and the deployed environment. As an extra layer of precaution, we use Detectify to run periodic tests.
We use Amazon Web Services to host our application. We make full use of the security products built into the AWS ecosystem, including those with the strictest rules like GuardDuty, Inspector, and AWS Firewall. Our services are hosted in US-based AWS facilities, and our servers live within Drop's VPCs to prevent unauthorized network requests. We use Teleport to manage connections to our databases and block all public access.