At Porcify, we prioritize the privacy and security of our users' data. Our security policy is designed to safeguard the confidentiality, integrity, and availability of information entrusted to us. We employ robust security measures, including encryption, secure data storage, and network protections, to ensure the highest level of data protection.
1. Data Storage and Hosting
- Data Storage: Porcify utilizes PlanetScale for data storage. Only authorized Porcify engineers have access to the stored data.
- Hosting: Porcify's services are hosted on Vercel. Uploaded images are hosted by Supabase on AWS infrastructure, which is SOC 2 compliant.
- End-to-End Encryption: All data stored and transmitted by Porcify is encrypted using industry-standard AES-256 encryption, ensuring data confidentiality and integrity.
- Transport Encryption: Porcify enforces HTTPS for all network traffic, providing secure communication channels between clients and servers.
3. Network Security and DDoS Mitigation
- Porcify's network infrastructure is protected against volumetric attacks by its cloud providers, which implement robust security measures and DDoS mitigation services.
- Rate Limiting: Porcify's systems enforce rate limits on APIs and database calls to protect against abusive activities and potential data breaches.
4. Infrastructure Security
- Serverless Infrastructure: Porcify's infrastructure is serverless, leveraging the security measures provided by the cloud service provider, including firewalls and threat detection capabilities.
- Malware Protection: Porcify's cloud service providers have state-of-the-art malware protection systems in place to detect and mitigate potential threats.
5. Data Location and Fallbacks
- All hosting and data are located in the United States, primarily in the us-east-1 and us-east-2 regions, with fallbacks distributed globally to ensure high availability and redundancy.
6. Device Management
- Company-provided devices are managed with Jamf, ensuring standardized and secure device configurations.
- Device configurations adhere to the Center for Internet Security (CIS) level 1 benchmark and are continuously enforced.
- Mobile device management deploys and enables relevant services to monitor and secure corporate endpoints.
7. Employee Onboarding and Background Checks
- Background checks are performed on new team members during onboarding, in compliance with local law and regulations.
- All team members complete security awareness training within 30 days of their hire date, covering company security policies, procedures, and cybersecurity risks.
- Annual security awareness training is required for all employees to enhance their ability to identify and respond to social engineering and other cybersecurity risks.
8. Incident Response and Monitoring
- Porcify maintains an incident response plan to effectively address security incidents, including data breaches or unauthorized access attempts.
- Regular monitoring of systems, networks, and applications is conducted to detect and respond to potential security vulnerabilities or suspicious activities.
9. Third-Party Vendors
- Porcify ensures that all third-party vendors, including PlanetScale, Vercel, Supabase, and AWS, meet stringent security requirements and adhere to industry best practices.
- Regular assessments of third-party security controls are conducted to ensure ongoing compliance.
10. Security Audits and Reviews
- Periodic security audits and reviews are conducted to assess the effectiveness of Porcify's security measures, identify potential weaknesses, and implement necessary improvements.
11. Continuous Improvement
- Porcify is committed to continuously improving its security practices and technologies to address evolving threats and maintain the highest level of data protection.
- We encourage responsible disclosure of any vulnerabilities. When our own vulnerability disclosure software is released, we plan to utilize it. In the meantime, if you discover a vulnerability, please email us at firstname.lastname@example.org.
12. Contact Us
If you have any questions or concerns about our privacy practices, please contact us at email@example.com.