Staying up to date with possible vulnerabilities within the cloud, we are hyper-focused on deploying and maintaining the utmost security of all data we handle. This is why we have chosen to stay within SOC 2 and GDPR requirements, relying on partners such as Vanta, Prescient Security, and AWS to keep us up to date with the highest standards of safety.
All of our customers' data at rest and in transit within our solution is encrypted. On top of that, we are dedicated to ensuring that all customer and employee personal data is handled in line with the EU’s General Data Protection Regulation (GDPR).
To uncover potential exposures, we regularly hire some of the best application security experts in the industry for third-party penetration testing. Our penetration testers assess the source code, the running application, and the deployed environment. As an extra layer of precaution, we use Detectify to run periodic tests.
We use Amazon Web Services to host our application. We make full use of the security products built into the AWS ecosystem, including those with the strictest rules like GuardDuty, Inspector, and AWS Firewall. Our services are hosted in US-based AWS facilities, and our servers live within Drop's VPCs to prevent unauthorized network requests. We use Teleport to manage connections to our databases and block all public access.